[Snort-users] DROP connections?
albertg at ...8504...
Sat Apr 12 11:27:07 EDT 2003
-----BEGIN PGP SIGNED MESSAGE-----
On Sat, 12 Apr 2003, /dev/null wrote:
> Right now when snort detectes something (like nimda for example), I'd
> like to do two things, (1) add the offending IP to my iptables DROP list
> and (2) add the offending IP to a config file that is used to build the
> iptables rules at bootup. I have the script already, I just need a way
> to have it triggered as soon as snort posts the alert.
SnortSam has the ability to insert firewall for you when snort detects
something suspicious. It also understands iptables and various others.
 - http://www.snortsam.net
"Success comes to the person who does today, what you are thinking of doing tomorrow."
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
-----END PGP SIGNATURE-----
More information about the Snort-users