[Snort-users] snort & guardian & CISCO routers

Ralf Hildebrandt Ralf.Hildebrandt at ...3909...
Tue Jan 22 00:12:04 EST 2002

In order to alleviate the load on our snort/demarc IDS I'd like to use
snort & guardian to block hosts portscanning us.

Yes, I'm aware of the DoS opportunity here.

Anyway: snort logs to a database, but also logs (at least portscans)
to a plain text file which can be monitored by guardian.

Are there any read-made scripts that create blocklists for CISCO

Ralf Hildebrandt (Im Auftrag des Referat V A)   Ralf.Hildebrandt at ...3909...
Charite Campus Virchow-Klinikum                 Tel.  +49 (0)30-450 570-155
Referat V A - Kommunikationsnetze -             Fax.  +49 (0)30-450 570-916
Program /n./
 1. A magic spell cast over a computer allowing it to turn one's input
  into error messages.
 2. An exercise in experimental epistemology.
 3. A form of art, ostensibly intended for the instruction of computers,
  which is nevertheless almost inevitably a failure if other programmers
  can't understand it.
 - From the Jargon File. 

More information about the Snort-users mailing list