[Snort-users] Blocking individual IP's

Frank Knobbe fknobbe at ...652...
Sat Apr 13 14:45:02 EDT 2002


On Thu, 2002-04-11 at 09:23, Ronneil Camara wrote:
> It's nice to hear that Snort can talk to Checkpoint. There is actually one, snortsam.
> But you would never want legitimate or trusted parties not to talk to your network
> anymore. What I meant was ip spoofing. Someone can just pretend that they're coming
> from this network. I would suggest you do the blocking manually.


Hey Ronneil,

that's why SnortSam has the DONTBLOCK statements so you can prevent the
accidental block of vital networks.

To James:

I would continue to block for short durations with SnortSam. If you
recognize evil IP's repeatedly, block those manually with rules on your
FW-1 (One of my first rules is  KnownScanners / any / any / drop /
nolog).

Regards,
Frank


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 350 bytes
Desc: This is a digitally signed message part
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20020413/a850336b/attachment.sig>


More information about the Snort-users mailing list