[Snort-users] (no subject)
Miller at ...6968...
Mon Aug 4 11:44:04 EDT 2003
http://www.mynetwatchman.com/ - automatic abuse reporting client tools, works with snort and several types of firewalls.
Most abuse reports get ignored because most people forget to include pertinent information (timestamps and what timezone they are generated in, etc.), and I don't know of any ISPs that will inform the people who created the case as to the resolution or if one was reached; that requires entirely too much overhead for already worked-to-death abuse staff who are sometimes weeks deep in tickets.
From: Marc Quibell [mailto:mquibell at ...7759...]
Sent: Monday, August 04, 2003 2:03 PM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] (no subject)
I've seen the "Snort threshold email" alerts posted here before, and would like
to see anyone's BEST config to accomplish threshold email alerts.
What would also be cool is automatic Abuse notifications to ISPs and IP holders
from Snort alerts. i.e.: I get 250 port scans from IP A, and I have Snort
configured so that if I get so many alerts per second or if I get certain types
of alerts, this program would do an ARIN lookup of the IP owner and send off the
log to them.
I guess one point of this would be that since most of our Abuse reports get
ignored, we don't have to waste any time on it either. Comments? TIA!
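
What the thread asks for, sketched as an added example (not from either poster, and not part of Snort or myNetWatchman): count Snort fast alerts per source IP and, for sources over a threshold, build a report with every timestamp in UTC and the sensor's offset stated. The function names, threshold values and sample alert lines are constructed; the ARIN lookup and mail delivery are left out so it runs offline.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Snort "fast" alert: MM/DD-HH:MM:SS.usec [**] [gid:sid:rev] msg [**] ... {PROTO} src -> dst
ALERT_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+\[(?P<sig>\d+:\d+:\d+)\]\s+"
    r"(?P<msg>.*?)\s+\[\*\*\].*?\{(?P<proto>\w+)\}\s+"
    r"(?P<src>\d+\.\d+\.\d+\.\d+)(?::\d+)?\s+->\s+(?P<dst>\d+\.\d+\.\d+\.\d+)(?::(?P<dport>\d+))?"
)

def parse_alerts(lines, year, utc_offset_hours):
    """Yield (utc_time, src, summary). Fast alerts carry no year or zone, so both are supplied."""
    zone = timezone(timedelta(hours=utc_offset_hours))
    for line in lines:
        m = ALERT_RE.match(line.strip())
        if not m:
            continue  # not a fast alert line
        local = datetime.strptime(f"{year}/{m['ts']}", "%Y/%m/%d-%H:%M:%S.%f").replace(tzinfo=zone)
        summary = f"[{m['sig']}] {m['msg']} {m['proto']} -> {m['dst']}:{m['dport'] or '-'}"
        yield local.astimezone(timezone.utc), m["src"], summary

def abuse_reports(lines, year, utc_offset_hours, threshold, window_seconds):
    """Return {src_ip: report_text} for sources with >= threshold alerts inside one sliding window."""
    by_src = defaultdict(list)
    for when, src, summary in parse_alerts(lines, year, utc_offset_hours):
        by_src[src].append((when, summary))
    reports, window = {}, timedelta(seconds=window_seconds)
    for src, events in by_src.items():
        events.sort()
        hit = any(events[i + threshold - 1][0] - events[i][0] <= window
                  for i in range(len(events) - threshold + 1))
        if not hit:
            continue  # below threshold: no report for this source
        body = [f"Source IP: {src}",
                f"Alerts: {len(events)} (times in UTC; sensor clock is UTC{utc_offset_hours:+03d}:00)",
                f"First seen: {events[0][0]:%Y-%m-%d %H:%M:%S} UTC",
                f"Last seen:  {events[-1][0]:%Y-%m-%d %H:%M:%S} UTC", ""]
        body += [f"{when:%Y-%m-%d %H:%M:%S.%f} UTC  {summary}" for when, summary in events]
        reports[src] = "\n".join(body)
    return reports

# Constructed sample alerts (documentation addresses); sensor assumed to log in EDT (UTC-4).
SAMPLE = """\
08/04-11:44:04.100000  [**] [1:1000001:1] Constructed scan probe [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.0.2.10:40001 -> 198.51.100.5:22
08/04-11:44:05.200000  [**] [1:1000001:1] Constructed scan probe [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.0.2.10:40002 -> 198.51.100.5:23
08/04-11:44:06.300000  [**] [1:1000001:1] Constructed scan probe [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.0.2.10:40003 -> 198.51.100.5:80
08/04-11:50:00.000000  [**] [1:1000002:1] Constructed ping [**] [Classification: Misc activity] [Priority: 3] {ICMP} 203.0.113.7 -> 198.51.100.5
""".splitlines()
```

Calling `abuse_reports(SAMPLE, 2003, -4, 3, 60)` yields one report, for 192.0.2.10; the abuse contact for that address would still have to be looked up separately.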