[Snort-users] snort & guardian & CISCO routers
Ralf.Hildebrandt at ...3909...
Tue Jan 22 00:12:04 EST 2002
In order to alleviate the load on our snort/demarc IDS I'd like to use
snort & guardian to block hosts portscanning us.
Yes, I'm aware of the DoS opportunity here.
Anyway: snort logs to a database, but also logs (at least portscans)
to a plain text file which can be monitored by guardian.
Are there any read-made scripts that create blocklists for CISCO
Ralf Hildebrandt (Im Auftrag des Referat V A) Ralf.Hildebrandt at ...3909...
Charite Campus Virchow-Klinikum Tel. +49 (0)30-450 570-155
Referat V A - Kommunikationsnetze - Fax. +49 (0)30-450 570-916
1. A magic spell cast over a computer allowing it to turn one's input
into error messages.
2. An exercise in experimental epistemology.
3. A form of art, ostensibly intended for the instruction of computers,
which is nevertheless almost inevitably a failure if other programmers
can't understand it.
- From the Jargon File.
More information about the Snort-users