[Snort-users] OT: how to respond to alerts

Doug White dwhite at ...1486...
Fri Mar 30 15:31:56 EST 2001


On Fri, 30 Mar 2001, Anders Toll wrote:

> This doesn't really have to do with Snort but is relevant anyway:
>
> How do you respond to the alerts? Send email complaining to ripe-addresses?
> Block the users out on gateway/firewall-level?

Well, the first part is to examine the packets themselves and verify
they're authentic. Second, ensure you weren't exploited .. so check those
webservers for those files, known 'sploits, etc.  THEN you can go after
the kiddie. :)

Doug White                    |  FreeBSD: The Power to Serve
dwhite at ...1486...     |  www.FreeBSD.org




