Snort mailing list archives

Re: sending alerts by email / active response Win2K system [RMC-J7FLJI4]


From: ICB1981 () aol com
Date: Tue, 28 Jan 2003 10:41:16 -0500

I am not quite sure if it will work under W2000.

I am using logcheck from www.psionic.com
with little changes (adding the strings from the classification config and using a third .ignore file
for the Active Attack section).

It should also work under WinNT
with some sort of Unix tools installed (can't remember
the package name but it was free).

Some sort of active response is really easy
without any firewalling.
A simple
route delete <IP address of the attacker>
should work in most cases.
Works fine under Linux and you have some time to update your firewall policy.
In my opinion this should be done manually.
The IP address you get can be faked or shared by many users like (DHCP, proxies) etc.

harald
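
The approach in the message above (select alerts by their classification string, then leave the blocking decision to a person) as an added example that is not part of the original post. The alert lines, the chosen classifications, the hit threshold and the never-block networks are constructed assumptions.

```python
import ipaddress
import re
from collections import Counter

# Snort "fast" alert tail: [Classification: X] [Priority: N] {PROTO} src[:port] -> dst
ALERT_RE = re.compile(
    r"\[Classification: (?P<cls>[^\]]+)\] \[Priority: \d+\] "
    r"\{\w+\} (?P<src>\d{1,3}(?:\.\d{1,3}){3})(?::\d+)? -> "
)

# Classification descriptions treated as "active attack" (this selection is an assumption).
ATTACK_CLASSES = {"Web Application Attack", "Attempted Administrator Privilege Gain"}

# Hypothetical networks that must never be blocked: own hosts and a shared proxy range.
NEVER_BLOCK = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "198.51.100.0/24")]

def review_candidates(lines, min_hits=2):
    """Return [(ip, hits, note)] for a person to review; nothing is blocked here."""
    hits = Counter()
    for line in lines:
        m = ALERT_RE.search(line)
        if m and m.group("cls") in ATTACK_CLASSES:
            hits[m.group("src")] += 1
    report = []
    for ip, count in hits.most_common():
        if count < min_hits:
            continue  # a single alert is too weak a signal to act on
        shared = any(ipaddress.ip_address(ip) in net for net in NEVER_BLOCK)
        note = "shared/own address: investigate, do not block" if shared else "candidate for manual block"
        report.append((ip, count, note))
    return report

def _alert(cls, proto, src, dst="10.1.1.5:80"):
    # Builds one constructed alert line (SID 1000001 is a made-up local rule id).
    return (f"01/28-10:40:01.000001  [**] [1:1000001:1] EXAMPLE rule [**] "
            f"[Classification: {cls}] [Priority: 1] {{{proto}}} {src} -> {dst}")

SAMPLE_ALERTS = (
    [_alert("Web Application Attack", "TCP", "192.0.2.44:3112")] * 2
    + [_alert("Attempted Administrator Privilege Gain", "TCP", "192.0.2.44:3113")]
    + [_alert("Web Application Attack", "TCP", "198.51.100.7:4000")] * 2  # shared proxy
    + [_alert("Web Application Attack", "TCP", "203.0.113.9:5000")]       # below threshold
    + [_alert("Misc activity", "ICMP", "203.0.113.20", "10.1.1.5")] * 3   # ignored class
)

if __name__ == "__main__":
    for row in review_candidates(SAMPLE_ALERTS):
        print(*row, sep="\t")
```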
    


