[Snort-users] ipchains blocking

Mark Price mark at ...3558...
Sat Sep 22 10:29:03 EDT 2001

Does anyone have a script that will block hosts via ipchains
when they try to portscan or exploit?  I got snort running, and
it alerts to syslog.  I installed Guardian, and it runs but doesnt
actually do anything when someone does the IIS cmd.exe or
other exploits.  Nothing in the guardian.log file besides the PID



More information about the Snort-users mailing list