[Snort-users] how to block an attacker.
yonah at ...569...
Wed Apr 4 15:35:02 EDT 2001
On Wed, 4 Apr 2001, Henry Sieff wrote:
> If you did this (I toyed around with the idea by using a perl proggie
> which would check for certain kinds of events and reconfigure my Cisco
> ACL's based upon it) you would want to restrict yourself to actual
> exploits where the source IP couldn't be spoofed without rooting your
I don't personally believe in this approach but the truth is that
depending on your situation, this might not result in a
DOS attack in any case- depending on your situation. If you __don't__
automaticaly block any internal ip's or any external ip's that are known
to be crucial to your systems, you might get away with something like
> I haven't done this in a while; I grew uncomfortable with the idea of
> automatic router reconfigs, but its not very hard (if your security
> device has a decent way for you to pump configuration changes via a
> command line).
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> Snort-users list archive:
Email: <yonah at ...570...>
PGP: 0x7C3C2524 <ldap://certserver.pgp.com>
"Quote me as saying I was misquoted."
More information about the Snort-users