Snort mailing list archives
Antwort: Re: Blocking not friendly traffic
From: ks () schuricht de
Date: Tue, 7 Aug 2001 09:14:44 +0200
Hi Ralf,
Nothing ... After some time my IIS5+Index server again infected. Question: with snort I can block this traffic or not? Or I must use normal firewall (like Firewall-1 or other firewall)???
If the alert is triggered, the packet already infected your machine. So there's little you can do. Normal firewall won't help, because it's legitimate traffic (the point of a webserver is to server webpages!)
I write a litte c-program that scans snort-logfiles all 15 minutes for several attacks. If we detect portscan, CodeReds a.s.o. the program rejects tcp/udp/icmptraffic for all 'enemy' hosts found (means: inserts a ipchains-Rules). It's a bit like guardian. Best regards, Kai. -- Abt. eBusiness / Entwicklung D. Schuricht GmbH & Co. KG http://www.schuricht.de Ralf Hildebrandt <Ralf.Hildebrandt@innominate. An: Snort-users () lists sourceforge net com> Kopie: Gesendet von: Thema: Re: [Snort-users] Blocking not friendly snort-users-admin@lists.sourc traffic eforge.net 07.08.01 08:20 On Tue, Aug 07, 2001 at 12:47:56PM +0700, ??????? ??????? wrote:
Nothing ... After some time my IIS5+Index server again infected. Question: with snort I can block this traffic or not? Or I must use normal firewall (like Firewall-1 or other firewall)???
If the alert is triggered, the packet already infected your machine. So there's little you can do. Normal firewall won't help, because it's legitimate traffic (the point of a webserver is to server webpages!) If you want servers that work, stay up, perform, and aren't rooted every other second, use Apache on OpenBSD. -- ralf.hildebrandt () innominate com innominate AG Technical Consultant Don't be afraid of what you see - Diplom-Informatiker be afraid of what you don't see! tel: +49.(0)7000.POSTFIX fax: +49.(0)30.308806-77 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Antwort: Re: Blocking not friendly traffic ks (Aug 07)
- Re: Antwort: Re: Blocking not friendly traffic Dragos Ruiu (Aug 07)