[Snort-users] how to block an attacker.

Frank Knobbe FKnobbe at ...649...
Tue Apr 3 20:06:28 EDT 2001


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> -----Original Message-----
> From: Hallawell, Samuel J
> [mailto:Samuel.J.Hallawell at ...1734...] Sent: Tuesday, April
> 03, 2001 6:20 PM
> 
> HI all,
> I am using Snort 1.7 on RH7 and would like to know of any 
> products that are
> used to block the IP address of the detected attacker.
> 
> The way I would like it to work is that Snort detects an 
> attack, records the
> IP and then block that IP for accessing that service/s.
> 
> Either by service or at host level.


Ahh, thank God... I thought I was the only one interested in this...
:)

I'm currently working on a snort plug-in that will reconfigure
Checkpoint Firewall-1 boxes to block the intruder. I'll post to this
list when it is finished and tested. Stay tuned to this list...

Regards,
Frank

-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Privacy 6.5.8
Comment: PGP or S/MIME encrypted email preferred.

iQA+AwUBOsplg5ytSsEygtEFEQJPUQCYyrZ21w9cHH6civZvngpK64zSZwCcCmDs
NE3SRR/gtV9khdtpScrlZHk=
=EBdu
-----END PGP SIGNATURE-----




More information about the Snort-users mailing list