[Snort-users] ipchains blocking

Mark Price mark at ...3558...
Sat Sep 22 10:29:03 EDT 2001


Does anyone have a script that will block hosts via ipchains
when they try to portscan or exploit?  I got snort running, and
it alerts to syslog.  I installed Guardian, and it runs but doesn't
actually do anything when someone does the IIS cmd.exe or
other exploits.  Nothing in the guardian.log file besides the PID.

Thanks

Mark





