Snort mailing list archives
Re: Guardian with Snort - Help
From: Snortman <snortman () attbi com>
Date: Wed, 04 Jun 2003 14:03:11 -0600
What block script are you using? Are you trying to block using PF or are you changing the routing tables?
Imran Ahmad wrote:
Hi; I am new to Snort and to this list.I have setup Snort successfully and now trying to setup "Guardian". Couldn't find and list for Guardian.. I am running FreeBSD based firewall with three interfaces (Internal, External and DMZ). My External and DMZ are on the same C class which has been subneted. Now in my Guardian.ignore file, I have defined my external C class.Snort is producing Attack Alerts and Guardian is detecting it. But instead of block the attack it's producing the following log messageOdd.. source = Attacker's IP, dest = (My Class Address) - No action done.Any help will be appreciated. Regards;Imran Ahmad IT Manager_____________________________________________________________ Burdett Buckeridge Young Limited A participating organisation of the Australian Stock Exchange Level 17, 60 Margaret St Sydney NSW 2000 Direct: +61 2 9226 0059Fax: +61 2 9226 0066Email: ira () bby com au Website: www.bby.com.au
------------------------------------------------------- This SF.net email is sponsored by: Etnus, makers of TotalView, The best thread debugger on the planet. Designed with thread debugging features you've never dreamed of, try TotalView 6 free at www.etnus.com. _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Guardian with Snort - Help Imran Ahmad (May 09)
- Re: Guardian with Snort - Help Snortman (Jun 04)