[Snort-users] DROP connections?

Alberto Gonzalez albertg at ...8504...
Sat Apr 12 11:27:07 EDT 2003


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



On Sat, 12 Apr 2003, /dev/null wrote:

> Right now when snort detectes something (like nimda for example), I'd
> like to do two things, (1) add the offending IP to my iptables DROP list
> and (2) add the offending IP to a config file that is used to build the
> iptables rules at bootup.  I have the script already, I just need a way
> to have it triggered as soon as snort posts the alert.
> 
> Thanks!
> 

SnortSam[0] has the ability to insert firewall for you when snort detects 
something suspicious. It also understands iptables and various others. 

 Cheers,
 Alberto Gonzalez

[0] - http://www.snortsam.net

- -- 
"Success comes to the person who does today, what you are thinking of doing tomorrow." 

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE+mFpQa3vAB/3yp/IRAiR9AKCxY7s3EZ3+7493Pf1w98ua3e55UACgr8yA
0sHAs2tz6I7utvB+LYxKioU=
=MkXy
-----END PGP SIGNATURE-----





More information about the Snort-users mailing list