Snort mailing list archives
Re: sending alerts by email / active response Win2K system [RMC-J7FLJI4]
From: ICB1981 () aol com
Date: Tue, 28 Jan 2003 10:41:16 -0500
I am not quite sure if it will work under W2000. I am using logcheck from www.psionic.com with little changes (adding the strings from the classification config and using a third .ignore file for the Active Attack section). It should also work under WinNT with some sort of Unix tools installed (can't remember the package name, but it was free).

Some sort of active response is really easy without any firewalling: a simple route delete <ip address of the attacker> should work in most cases. Works fine under Linux and you have some time to update your firewall policy. In my opinion this should be done manually. The IP address you get can be faked or shared by many users (DHCP, proxies, etc.).

harald
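The manual review step recommended in the message above, sketched as an added example that is not part of the original post or of Snort or logcheck: it reads Snort fast-format alert lines, skips allowlisted sources such as your own proxies and gateways, and prints suggested routes for an operator to check instead of applying them. The function names, the sample alerts and the use of a Linux iproute2 blackhole route (in place of the `route delete` in the post) are assumptions.

```python
import ipaddress
import re
from collections import Counter

# Tail of a Snort "fast" alert line: [Priority: N] {PROTO} SRC[:port] -> DST
ALERT_RE = re.compile(r"\[Priority: (\d+)\] \{(\w+)\} ([\d.]+)(?::\d+)? -> ")

# Constructed sample alerts: documentation address ranges, made-up local SID.
_H = "01/28-10:40:01.000000  [**] [1:1000001:1] constructed rule [**] [Classification: sample] "
SAMPLE = "\n".join(_H + tail for tail in [
    "[Priority: 1] {TCP} 203.0.113.7:3321 -> 192.0.2.10:80",
    "[Priority: 1] {TCP} 203.0.113.7:3325 -> 192.0.2.10:80",
    "[Priority: 1] {UDP} 198.51.100.9:53 -> 192.0.2.10:1434",
    "[Priority: 1] {UDP} 198.51.100.9:53 -> 192.0.2.10:1434",
    "[Priority: 1] {TCP} 192.0.2.1:8080 -> 192.0.2.10:80",    # own proxy
    "[Priority: 1] {TCP} 192.0.2.1:8081 -> 192.0.2.10:80",
    "[Priority: 3] {ICMP} 203.0.113.50 -> 192.0.2.10",        # low severity
    "[Priority: 3] {ICMP} 203.0.113.50 -> 192.0.2.10",
    "[Priority: 1] {TCP} 198.51.100.77:4000 -> 192.0.2.10:80",  # single hit
])

def candidates(alert_text, allowlist, max_priority=1, min_hits=2):
    """Return [(ip, hits, note)] for sources an operator should look at."""
    nets = [ipaddress.ip_network(n) for n in allowlist]
    hits, connectionless = Counter(), {}
    for line in alert_text.splitlines():
        m = ALERT_RE.search(line)
        if not m or int(m.group(1)) > max_priority:
            continue
        try:
            src = ipaddress.ip_address(m.group(3))
        except ValueError:
            continue  # malformed address field, ignore the line
        if any(src in n for n in nets):
            continue  # never propose cutting off our own hosts or proxies
        hits[src] += 1
        is_cl = m.group(2) in ("UDP", "ICMP")
        connectionless[src] = connectionless.get(src, True) and is_cl
    return [(str(ip), n, "UDP/ICMP only, source easily spoofed"
             if connectionless[ip] else "includes TCP alerts")
            for ip, n in sorted(hits.items()) if n >= min_hits]

def review_sheet(cands):
    """Render suggestions as text; nothing is executed."""
    return [f"# {ip}: {n} alerts, {note}\nip route add blackhole {ip}/32"
            for ip, n, note in cands]

if __name__ == "__main__":
    print("\n".join(review_sheet(candidates(SAMPLE, ["192.0.2.0/24"]))))
```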