Snort mailing list archives
RE: Firing off Abuse email based on Snort Traffic
From: "Nicholas Delo" <ndelo () limcollege edu>
Date: Thu, 29 May 2003 19:05:13 -0400
This perl proggy should do what you want.

http://securityfocus.com/tools/1959

However, I must admit, like everyone else here, I really don't think this is a viable solution or good business practice. After having looked this program over, I don't really think it is worth much, since it will only trigger incident reports based upon the number of appearances an IP makes within your snort logs, as opposed to being triggered by actual snort signatures you consider to be serious alerts.

--ndelo

-----Original Message-----
From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of Matt Howell
Sent: Thursday, May 29, 2003 1:45 PM
To: snort-users () lists sourceforge net
Subject: [Snort-users] Firing off Abuse email based on Snort Traffic

All...

We are starting to really see the benefit of our Snort deployment project, and inevitably the project's scope has been expanded. We would like to set up a Sensor to automatically send Abuse emails to the ISP of any hosts that break our Portscan threshold.

Has anyone seen a project / product out there that does this already?

Any input would be appreciated...

TIA,
-Matt
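The distinction drawn in the reply above, between selecting sources by how often they appear in the logs and selecting them by which signatures they fired, is shown here as an added example; it is not part of the original messages and is not the code of the linked tool. The log lines, SIDs (local-rule range), rule messages and addresses are constructed, and the function names are hypothetical.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in Snort "fast" alert format. SIDs, messages and
# addresses (documentation ranges) are made up for this illustration.
SAMPLE = """\
05/29-13:40:01.000001  [**] [1:1000001:1] LOCAL ping probe [**] [Classification: Misc activity] [Priority: 3] {ICMP} 198.51.100.7 -> 192.0.2.10
05/29-13:40:02.000002  [**] [1:1000001:1] LOCAL ping probe [**] [Classification: Misc activity] [Priority: 3] {ICMP} 198.51.100.7 -> 192.0.2.11
05/29-13:40:03.000003  [**] [1:1000001:1] LOCAL ping probe [**] [Classification: Misc activity] [Priority: 3] {ICMP} 198.51.100.7 -> 192.0.2.12
05/29-13:40:04.000004  [**] [1:1000001:1] LOCAL ping probe [**] [Classification: Misc activity] [Priority: 3] {ICMP} 198.51.100.7 -> 192.0.2.13
05/29-13:44:10.000005  [**] [1:1000002:1] LOCAL web exploit attempt [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 203.0.113.9:40122 -> 192.0.2.10:80
this line is truncated [**] [1:1000002
"""

ALERT_RE = re.compile(
    r"\[\*\*\] \[(?P<gid>\d+):(?P<sid>\d+):\d+\] (?P<msg>.*?) \[\*\*\]"
    r".*?\[Priority: (?P<prio>\d+)\] \{\w+\} (?P<src>\d{1,3}(?:\.\d{1,3}){3})"
)

def parse(text):
    """Return one dict per well-formed alert line; skip anything else."""
    alerts = []
    for line in text.splitlines():
        m = ALERT_RE.search(line)
        if m:
            alerts.append({"sid": int(m["sid"]), "prio": int(m["prio"]),
                           "msg": m["msg"], "src": m["src"]})
    return alerts

def by_count(alerts, threshold):
    """Count-based selection: any source seen at least `threshold` times."""
    counts = Counter(a["src"] for a in alerts)
    return {src: n for src, n in counts.items() if n >= threshold}

def by_signature(alerts, serious_sids):
    """Signature-based selection: sources that fired an analyst-chosen SID."""
    hits = defaultdict(set)
    for a in alerts:
        if a["sid"] in serious_sids:
            hits[a["src"]].add(a["msg"])
    return {src: sorted(msgs) for src, msgs in hits.items()}

if __name__ == "__main__":
    alerts = parse(SAMPLE)
    print("count >= 3:", by_count(alerts, 3))
    print("serious SIDs:", by_signature(alerts, {1000002}))
```

On this sample the two selections do not overlap: the count threshold picks only the noisy low-priority source, while the SID list picks only the single priority-1 alert.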