[Snort-users] how to block an attacker.

Lance Spitzner lance at ...185...
Tue Apr 3 19:44:53 EDT 2001


On Wed, 4 Apr 2001, Hallawell, Samuel J wrote:

> HI all,
> I am using Snort 1.7 on RH7 and would like to know of any products that are
> used to block the IP address of the detected attacker.
>
> The way I would like it to work is that Snort detects an attack, records the
> IP and then block that IP for accessing that service/s.

Be VERY careful when you do this, blackhats can use this against you.
The systems that appear to be scanning/attacking you may be spoofed,
blocking them can be rather ugly for you :-0

nmap -sS -D a.root-servers.net,(list all root servers) <your system>


lance





More information about the Snort-users mailing list