[Snort-users] Semi-automatic notification email generator for Snort?
iwebb at ...6468...
Sun Jul 28 15:52:03 EDT 2002
Thanks. I'm on a Windows machine, though - will submitting my ICF logs
be enough, or should I try to get the Perl agent for reporting my Snort
logs working as well? If so, anyone done that and know what needs to be
I've been manually emailing the worst offenders (hundreds of scans /
week) at their whois contacts, and I've gotten autoresponders from most
of them. Abuse.net is a much better solution, though - I'm going to
switch to using it.
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of Michael
Sent: Sunday, July 28, 2002 1:19 PM
To: "Ian Webb"
Cc: snort-users at lists.sourceforge.net
Subject: Re: [Snort-users] Semi-automatic notification email generator
has a perl agent that reads snort,ipfw,ipchains,ipfilter,iptunnels,
pix,cisco logs, etc
obscrusifakates last two octets of you ip address, filters out false
alarms (by looking at 1000 other sensors)
(oh, the whois contact is usually bogus.. dropped years ago do to being
spammed to hell and back, www.abuse.net has better chance, but what do
you do about china, korea, tiawan, south america, etc)
SECNAP Network Security, LLC
Sales: 866-SECNAPNET / (1-866-732-6276)
Main: 561-368-9561 / www.secnap.net
Ar you a security professinal? see http://www.secnap.net/employment/
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Snort-users