[Snort-users] Somewhat OT but RE:Abuse

Madziarczyk, Jonathan than at ...3657...
Wed Oct 10 07:51:14 EDT 2001


Hey guys,
 
This is kind of a big question, I realize a lot of it depends on my
company's policy, but even your own procedures would be good to hear.....
 
Okay, so I set up snort and I do find "people" are trying to hack into my
web site or anything else for that matter.  What do I then do?  I've got an
IP address, now what?  I realize ping -a or something like that, but what if
DNS doesn't resolve?  Do any of you have a typical procedure you do?
Blocking the IP address is obviously a mixed bag (especially if it's a bot).
 
Any suggestions or ideas on where to look for this info would be great, and
very appreciated!
 
Sincerely,
JonM
 
 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20011010/9ddc730d/attachment.html>


More information about the Snort-users mailing list