Snort mailing list archives

Re: Firing off Abuse email based on Snort Traffic

From: Todd Holloway <todd () duckland org>
Date: Fri, 30 May 2003 10:52:52 -0500

I have not tried this program yet...but it may help.

http://freshmeat.net/projects/incident.pl/

About:
incident.pl is a small script that, when given syslogs generated by snort
or other tools, can generate an incident report for events that appear
to be attempted security attacks, gather information on the remote host,
and report the attack to the appropriate administrators.

Author:
Viraj Alankar 



todd


On Thu, May 29, 2003 at 10:44:52AM -0700, Matt Howell wrote:

All...

We are starting to really see the benefit of our Snort deployment
project, and inevitably the project's scope has been expanded.  We would
like to set up a Sensor to automatically send Abuse emails to the ISP of
any hosts that break our Portscan threshold.   Has anyone seen a project
/ product out there that does this already?

Any input would be appreciated...

TIA,

-Matt





-------------------------------------------------------
This SF.net email is sponsored by: eBay
Get office equipment for less on eBay!
http://adfarm.mediaplex.com/ad/ck/711-11697-6916-5
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users


-- 
The most likely way for the world to be destroyed, most experts agree,
is by accident. That's where we come in. We're computer professionals. We
cause accidents.

                Nathaniel Borenstein, inventor of MIME.


-------------------------------------------------------
This SF.net email is sponsored by: eBay
Get office equipment for less on eBay!
http://adfarm.mediaplex.com/ad/ck/711-11697-6916-5
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

Re: Firing off Abuse email based on Snort Traffic, (continued)
- - - Re: Firing off Abuse email based on Snort Traffic Matt Howell (May 29)
    - Re: Firing off Abuse email based on Snort Traffic Skip Carter (May 29)
    - Re: Firing off Abuse email based on Snort Traffic Budi Rahardjo (May 29)
    - Re: Firing off Abuse email based on Snort Traffic Michael H. Warfield (May 29)
  - Re: Firing off Abuse email based on Snort Traffic Frank Knobbe (May 29)
  - Re: [OT] Firing off Abuse email based on Snort Traffic Matt Kettler (May 30)
    - Re: [OT] Firing off Abuse email based on Snort Traffic Matt Howell (May 30)
    - Re: [OT] Firing off Abuse email based on Snort Traffic james (May 30)
- RE: Firing off Abuse email based on Snort Traffic Nicholas Delo (May 29)
- Re: Firing off Abuse email based on Snort Traffic Mark Rowlands (May 29)
- Re: Firing off Abuse email based on Snort Traffic Todd Holloway (May 30)
- RE: Firing off Abuse email based on Snort Traffic bmcdowell (May 29)
  - RE: Firing off Abuse email based on Snort Traffic Matt Howell (May 29)
- RE: Firing off Abuse email based on Snort Traffic Donofrio, Lewis (May 29)
- Re: Firing off Abuse email based on Snort Traffic scheidell (May 30)