Re: DROP connections?

[Alberto Gonzalez <albertg () wwjh net>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



On Sat, 12 Apr 2003, /dev/null wrote:

> Right now when snort detectes something (like nimda for example), I'd
> like to do two things, (1) add the offending IP to my iptables DROP list
> and (2) add the offending IP to a config file that is used to build the
> iptables rules at bootup.  I have the script already, I just need a way
> to have it triggered as soon as snort posts the alert.
>
> Thanks!

SnortSam[0] has the ability to insert firewall for you when snort detects 
something suspicious. It also understands iptables and various others. 

 Cheers,
 Alberto Gonzalez

[0] - http://www.snortsam.net

- -- 
"Success comes to the person who does today, what you are thinking of doing tomorrow." 

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE+mFpQa3vAB/3yp/IRAiR9AKCxY7s3EZ3+7493Pf1w98ua3e55UACgr8yA
0sHAs2tz6I7utvB+LYxKioU=
=MkXy
-----END PGP SIGNATURE-----



-------------------------------------------------------
This SF.net email is sponsored by: Etnus, makers of TotalView, The debugger 
for complex code. Debugging C/C++ programs can leave you feeling lost and 
disoriented. TotalView can help you find your way. Available on major UNIX 
and Linux platforms. Try it free. www.etnus.com
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users