[Snort-users] how to block an attacker.

Yonah Russ yonah at ...569...
Wed Apr 4 15:35:02 EDT 2001


On Wed, 4 Apr 2001, Henry Sieff wrote:

> If you did this (I toyed around with the idea by using a perl proggie
> which would check for certain kinds of events and reconfigure my Cisco
> ACL's based upon it) you would want to restrict yourself to actual
> exploits where the source IP couldn't be spoofed without rooting your
> routers.)

I don't personally believe in this approach but the truth is that
depending on your situation, this might not result in a
DOS attack in any case- depending on your situation. If you __don't__
automaticaly block any internal ip's or any external ip's that are known
to be crucial to your systems, you might get away with something like
this.
yonah

>
> I haven't done this in a while; I grew uncomfortable with the idea of
> automatic router reconfigs, but its not very hard (if your security
> device has a decent way for you to pump configuration changes via a
> command line).
>
> Henry
>
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> http://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>

Email:		<yonah at ...570...>
Homepage:	<http://p-yonah.jct.ac.il/>
PGP:            0x7C3C2524 <ldap://certserver.pgp.com>

"Quote me as saying I was misquoted."
				--Groucho Marx





More information about the Snort-users mailing list