Snort mailing list archives
Re: DROP connections?
From: Derya Sezen <funky () gsu linux org tr>
Date: 12 Apr 2003 23:29:59 +0300
On Sat, 2003-04-12 at 11:03, /dev/null wrote:
I have snort running and love it. It's running on a firewall/gateway box. I've read the FAQ and searched the web but can't seem to see an already-invented way of doing this, but I think surely someone else has it working already.
did you tried "hogwash" ?
Right now when snort detectes something (like nimda for example), I'd like to do two things, (1) add the offending IP to my iptables DROP list and (2) add the offending IP to a config file that is used to build the iptables rules at bootup. I have the script already, I just need a way to have it triggered as soon as snort posts the alert.
There is a program called "HolePatcher" which has a XML protocol and you can send XML commands remotely to a firewall which is under developpement, in lately summer you can find that in http://gsu.linux.org.tr
Thanks! ------------------------------------------------------- This SF.net email is sponsored by: Etnus, makers of TotalView, The debugger for complex code. Debugging C/C++ programs can leave you feeling lost and disoriented. TotalView can help you find your way. Available on major UNIX and Linux platforms. Try it free. www.etnus.com _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
-- Derya Sezen <funky () gsu linux org tr> ------------------------------------------------------- This SF.net email is sponsored by: Etnus, makers of TotalView, The debugger for complex code. Debugging C/C++ programs can leave you feeling lost and disoriented. TotalView can help you find your way. Available on major UNIX and Linux platforms. Try it free. www.etnus.com _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Web Session Capture and Replay Suwarna Patel (Apr 11)
- Re: Web Session Capture and Replay Edin Dizdarevic (Apr 12)
- DROP connections? /dev/null (Apr 12)
- Re: DROP connections? Alberto Gonzalez (Apr 12)
- Re: DROP connections? Derya Sezen (Apr 12)
- DROP connections? /dev/null (Apr 12)
- Re: Web Session Capture and Replay Edin Dizdarevic (Apr 12)