[Snort-users] RE:Somewhat OT but RE:AbuseRe:

Bob Hillegas bobhillegas at ...3133...
Wed Oct 10 18:12:10 EDT 2001


On Wed, 10 Oct 2001 "Madziarczyk, Jonathan" <than at ...3657...> wrote:

> Message: 1
> From: "Madziarczyk, Jonathan" <than at ...3657...>
> To: snort-users at lists.sourceforge.net
> Date: Wed, 10 Oct 2001 09:50:39 -0500
> Subject: [Snort-users] Somewhat OT but RE:Abuse
>
> Hey guys,
>
> This is kind of a big question, I realize a lot of it depends on my
> company's policy, but even your own procedures would be good to hear.....
>
> Okay, so I set up snort and I do find "people" are trying to hack into my
> web site or anything else for that matter.  What do I then do?  I've got an
> IP address, now what?  I realize ping -a or something like that, but what if
> DNS doesn't resolve?  Do any of you have a typical procedure you do?
> Blocking the IP address is obviously a mixed bag (especially if it's a bot).
>
> Any suggestions or ideas on where to look for this info would be great, and
> very appreciated!
>
> Sincerely,
> JonM
>

You might be interested in the 'Distributed Intrusion Detection System'.
Log onto www.dshield.org and see whether you wish to install a script
(perl) to translate your log entries into submissions to their database.

Interesting concept.


-- 
-------------------------------------------------
Bob Hillegas
<bobhillegas at ...3133...>
281.546.9311






