[Snort-users] Question about Alerts

Joe Giles jgiles at ...6534...
Mon Oct 28 10:04:05 EST 2002


I'll check it out. Thanks

Can it be used in conjunction with IPTABLES?

Thanks

Joe

On Mon, 2002-10-28 at 10:55, Miller, Eoin wrote:
> you might want to checkout inline snort / hogwash:
> 
> http://hogwash.sourceforge.net/
> 
> if a packet matches something in the list of snort alerts it will drop it, log it and pass it, or ignore it. this can be done even with out IP support on the box.
> 
> > -----Original Message-----
> > From: Joe Giles [mailto:jgiles at ...6534...]
> > Sent: Monday, October 28, 2002 12:37 PM
> > To: Snort-List
> > Subject: [Snort-users] Question about Alerts
> > 
> > 
> > I think I have seen this question before, but I'll ask again. Is there
> > anyway to incorporate Snort with IPTABLES is order to drop 
> > selected ip's
> > that generate an alert? 
> > 
> > Example:
> > I get a KLEZ incoming alert. I would like to have that passed to
> > IPTABLES to DROP that IP address long enough to not allow the virus to
> > get transfered, then reopen the IP till the next alert. Or something
> > along those lines..
> > 
> > Thoughts?
> > 
> > Thanks
> > 
> > Joe
> > 
> > 
> > 
> > 
> > 
> > -------------------------------------------------------
> > This sf.net email is sponsored by:ThinkGeek
> > Welcome to geek heaven.
> > http://thinkgeek.com/sf
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users at lists.sourceforge.net
> > Go to this URL to change user options or unsubscribe:
> > https://lists.sourceforge.net/lists/listinfo/snort-users
> > Snort-users list archive:
> > http://www.geocrawler.com/redir-sf.php3?list=snort-users
> > 






More information about the Snort-users mailing list