[Snort-users] DROP connections?

Derya Sezen funky at ...8796...
Sat Apr 12 14:01:03 EDT 2003


On Sat, 2003-04-12 at 11:03, /dev/null wrote:
> I have snort running and love it.  It's running on a firewall/gateway
> box.  I've read the FAQ and searched the web but can't seem to see an
> already-invented way of doing this, but I think surely someone else has
> it working already.
> 

did you tried "hogwash" ?

> Right now when snort detectes something (like nimda for example), I'd
> like to do two things, (1) add the offending IP to my iptables DROP list
> and (2) add the offending IP to a config file that is used to build the
> iptables rules at bootup.  I have the script already, I just need a way
> to have it triggered as soon as snort posts the alert.
> 

There is a program called "HolePatcher" which has a XML protocol and you
can send XML commands remotely to a firewall which is under
developpement, in lately summer you can find that in
http://gsu.linux.org.tr

> Thanks!
> 
> 
> 
> -------------------------------------------------------
> This SF.net email is sponsored by: Etnus, makers of TotalView, The debugger 
> for complex code. Debugging C/C++ programs can leave you feeling lost and 
> disoriented. TotalView can help you find your way. Available on major UNIX 
> and Linux platforms. Try it free. www.etnus.com
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
-- 
Derya Sezen <funky at ...8796...>





More information about the Snort-users mailing list