[Snort-users] DROP connections?
funky at ...8796...
Sat Apr 12 14:01:03 EDT 2003
On Sat, 2003-04-12 at 11:03, /dev/null wrote:
> I have snort running and love it. It's running on a firewall/gateway
> box. I've read the FAQ and searched the web but can't seem to see an
> already-invented way of doing this, but I think surely someone else has
> it working already.
Did you try "hogwash"?
> Right now when snort detects something (like nimda for example), I'd
> like to do two things, (1) add the offending IP to my iptables DROP list
> and (2) add the offending IP to a config file that is used to build the
> iptables rules at bootup. I have the script already, I just need a way
> to have it triggered as soon as snort posts the alert.
There is a program called "HolePatcher" which has an XML protocol and you
can send XML commands remotely to a firewall which is under
development, in late summer you can find that in
Derya Sezen <funky at ...8796...>
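
One way to derive the two actions described in the quoted question (a live DROP rule plus an entry for the boot-time list) from alert lines, as an added example that is not part of the original thread and is not code from Snort, hogwash or HolePatcher. It assumes Snort's "fast" alert line format and a rule inserted into the INPUT chain; `source_ip`, `plan_blocks` and the `NEVER_BLOCK` allowlist are names made up here, and the sample alerts are constructed.

```python
import ipaddress
import re

# Constructed sample in Snort's "fast" alert format; addresses are documentation ranges.
SAMPLE_ALERTS = [
    "04/12-14:01:03.100000  [**] [1:1000001:1] EXAMPLE web worm probe [**] "
    "[Classification: Web Application Attack] [Priority: 1] {TCP} 203.0.113.7:4312 -> 192.0.2.10:80",
    "04/12-14:01:04.200000  [**] [1:1000001:1] EXAMPLE web worm probe [**] "
    "[Classification: Web Application Attack] [Priority: 1] {TCP} 203.0.113.7:4313 -> 192.0.2.10:80",
    "04/12-14:02:10.300000  [**] [1:1000002:1] EXAMPLE ping sweep [**] "
    "[Classification: Attempted Information Leak] [Priority: 2] {ICMP} 192.0.2.1 -> 192.0.2.10",
    "04/12-14:03:00.000000  [**] [1:1000001:1] EXAMPLE web worm probe [**] "
    "[Priority: 1] {TCP} 999.1.1.1:80 -> 192.0.2.10:80",
]

# Source address follows the "{PROTO}" tag; the port is absent for ICMP.
ALERT_RE = re.compile(r"\{(?P<proto>\w+)\}\s+(?P<src>[0-9.]+)(?::\d+)?\s+->")

# Assumption: networks that must never be blocked (own LAN, gateway, loopback),
# so a spoofed source address cannot make the firewall cut off its own hosts.
NEVER_BLOCK = [ipaddress.ip_network("192.0.2.0/24"), ipaddress.ip_network("127.0.0.0/8")]


def source_ip(line):
    """Return the validated source address of one alert line, or None."""
    m = ALERT_RE.search(line)
    if not m:
        return None
    try:
        return ipaddress.ip_address(m.group("src"))
    except ValueError:  # e.g. 999.1.1.1 from a corrupted line
        return None


def plan_blocks(lines, blocked=()):
    """Return (iptables argv lists, entries to append to the boot-time list)."""
    seen = {ipaddress.ip_address(b) for b in blocked}
    commands, persist = [], []
    for line in lines:
        ip = source_ip(line)
        if ip is None or ip in seen or any(ip in net for net in NEVER_BLOCK):
            continue
        seen.add(ip)
        # argv list, never a shell string: alert content is attacker-influenced.
        commands.append(["iptables", "-I", "INPUT", "-s", str(ip), "-j", "DROP"])
        persist.append(str(ip))
    return commands, persist
```

Each argv list can be handed to `subprocess.run` by whatever follows the alert file; on a gateway the same rule may also be needed in the FORWARD chain.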