Re: Guardian with Snort - Help

[Snortman <snortman () attbi com>]

What block script are you using?  Are you trying to block using PF or 
are you changing the routing tables?

Imran Ahmad wrote:

> Hi;
>
> I am new to Snort and to this list.
> I have setup Snort successfully and now trying to setup "Guardian". 
> Couldn't find and list for Guardian..
> I am running FreeBSD based firewall with three interfaces (Internal, 
> External and DMZ).
> My External and DMZ are on the same C class which has been subneted. 
> Now in my Guardian.ignore file, I have defined my external C class.
>
> Snort is producing Attack Alerts and Guardian is detecting it. But 
> instead of block the attack it's producing the following log message
>
> Odd.. source = Attacker's IP, dest = (My Class Address) - No action 
> done.  
>
> Any help will be appreciated.
>
>
> Regards;
>
> Imran Ahmad                                     
> IT Manager
> _____________________________________________________________
> Burdett Buckeridge Young Limited
> A participating organisation of the Australian Stock Exchange
>
> Level 17, 60 Margaret St
> Sydney NSW 2000
> Direct: +61 2 9226 0059
> Fax:    +61 2 9226 0066        
>
> Email:   ira () bby com au
> Website: www.bby.com.au




-------------------------------------------------------
This SF.net email is sponsored by:  Etnus, makers of TotalView, The best
thread debugger on the planet. Designed with thread debugging features
you've never dreamed of, try TotalView 6 free at www.etnus.com.
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users