Snort mailing list archives

RE: Semi-automatic notification email generator for Snort?


From: "Ian Webb" <iwebb () carolina rr com>
Date: Sun, 28 Jul 2002 18:50:49 -0400

Thanks. I'm on a Windows machine, though - will submitting my ICF logs
be enough, or should I try to get the Perl agent for reporting my Snort
logs working as well? If so, anyone done that and know what needs to be
changed?
 
I've been manually emailing the worst offenders (hundreds of scans /
week) at their whois contacts, and I've gotten autoresponders from most
of them. Abuse.net is a much better solution, though - I'm going to
switch to using it.
 
-----Original Message-----
From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net] On Behalf Of Michael
Scheidell
Sent: Sunday, July 28, 2002 1:19 PM
To: "Ian Webb"
Cc: snort-users () lists sourceforge net
Subject: Re: [Snort-users] Semi-automatic notification email generator
for Snort?
 
www.mynetwatchman.com
 
has a Perl agent that reads snort, ipfw, ipchains, ipfilter, iptunnels,
pix, cisco logs, etc.
 
obfuscates the last two octets of your IP address, filters out false
alarms (by looking at 1000 other sensors)
etc.
 
(oh, the whois contact is usually bogus.. dropped years ago due to being
spammed to hell and back, www.abuse.net has a better chance, but what do
you do about China, Korea, Taiwan, South America, etc.)
 
 
--
Michael Scheidell
SECNAP Network Security, LLC 
Sales: 866-SECNAPNET / (1-866-732-6276)
Main: 561-368-9561 / www.secnap.net
Are you a security professional? See http://www.secnap.net/employment/
