[Snort-users] Telnet alert...
Syed Mohammad Talha
talha at ...3474...
Tue Sep 18 03:39:02 EDT 2001
I have a machine as a gateway to my network with two public and private IP addresses. I am using ipchains for the masquerading and running Snort on both interfaces, trying to secure the machines from internal and external users. Now, whenever I get an alert, I use a guardian script to block that IP for a certain period of time.
My problem is that when someone tries to telnet from an internal machine to some external machine, it picks the external machine's IP as the source, and if the user gives the wrong password it blocks the source IP, which results in stopping all the traffic for that machine for all the network users, because that script puts a deny rule in ipchains for that source address. I want to block such access, but not for all, just for the users who are giving the wrong passwords. Also, is there a way that I can define in Snort that it doesn't put an alert for the first two failed tries? If anyone can help in this regard.
Thanks and Regards.