[Snort-users] Guardian with Snort - Help
snortman at ...4371...
Wed Jun 4 13:04:03 EDT 2003
What block script are you using? Are you trying to block using PF or
are you changing the routing tables?
Imran Ahmad wrote:
> I am new to Snort and to this list.
> I have set up Snort successfully and am now trying to set up "Guardian".
> Couldn't find any list for Guardian.
> I am running FreeBSD based firewall with three interfaces (Internal,
> External and DMZ).
> My External and DMZ are on the same C class which has been subnetted.
> Now in my Guardian.ignore file, I have defined my external C class.
> Snort is producing Attack Alerts and Guardian is detecting it. But
> instead of blocking the attack it's producing the following log message:
> Odd.. source = Attacker's IP, dest = (My Class Address) - No action
> Any help will be appreciated.
> Imran Ahmad
> IT Manager
> Burdett Buckeridge Young Limited
> A participating organisation of the Australian Stock Exchange
> Level 17, 60 Margaret St
> Sydney NSW 2000
> Direct: +61 2 9226 0059
> Fax: +61 2 9226 0066
> Email: ira at ...9134...
> Website: www.bby.com.au