[Snort-users] Somewhat OT but RE:Abuse
than at ...3657...
Wed Oct 10 07:51:14 EDT 2001
This is kind of a big question, I realize a lot of it depends on my
company's policy, but even your own procedures would be good to hear.....
Okay, so I set up snort and I do find "people" are trying to hack into my
web site or anything else for that matter. What do I then do? I've got an
IP address, now what? I realize ping -a or something like that, but what if
DNS doesn't resolve? Do any of you have a typical procedure you do?
Blocking the IP address is obviously a mixed bag (especially if it's a bot).
Any suggestions or ideas on where to look for this info would be great, and
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Snort-users