[Snort-users] Blocking individual IP's
fknobbe at ...652...
Sat Apr 13 14:45:02 EDT 2002
On Thu, 2002-04-11 at 09:23, Ronneil Camara wrote:
> It's nice to hear that Snort can talk to Checkpoint. There is actually one, snortsam.
> But you would never want legitimate or trusted parties not to talk to your network
> anymore. What I meant was ip spoofing. Someone can just pretend that they're coming
> from this network. I would suggest you do the blocking manually.
that's why SnortSam has the DONTBLOCK statements so you can prevent the
accidental block of vital networks.
I would continue to block for short durations with SnortSam. If you
recognize evil IP's repeatedly, block those manually with rules on your
FW-1 (One of my first rules is KnownScanners / any / any / drop /
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 350 bytes
Desc: This is a digitally signed message part
More information about the Snort-users