RE: Whad'ya do?

["Aaron McKinnon" <aaron () fullerene com>]

ARIS is very cool! I just set it up and made it send a report right before
rotating the logs... I dig it.

-----------------------------------
Aaron McKinnon
System Administrator
Fullerene Productions, Inc.
3250 Wilshire Blvd. Suite 2000
Los Angeles, CA 90010
213.365.1692
-----------------------------------

-----Original Message-----
From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net]On Behalf Of Ryan
Russell
Sent: Tuesday, May 08, 2001 2:58 PM
To: Dave.Hampel () cominco com
Cc: snort-users () lists sourceforge net
Subject: Re: [Snort-users] Whad'ya do?


On Tue, 8 May 2001 Dave.Hampel () cominco com wrote:

> I was wondering..... I monitor my firewall logs and I get messages from
> Snort saying someone is scanning my network using FTP or SunRPC source
port
> (etc.) Great. Works as advertised. BUT what do you DO about it.
> Has anyone taken measures to actually stop or report these a*holes that
are
> wasting bandwidth?

<plug>
You might check out ARIS http://aris.securityfocus.com .  We give you a
way to manage reporting incidents to ISPs, among a number of other
features. It's also a way to be one more count against a particular
attacker even if you don't want to report things yourself.  It's free.
</plug>

                                Ryan


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users