[Snort-users] Firing off Abuse email based on Snort Traffic

Frank Knobbe fknobbe at ...652...
Thu May 29 14:17:06 EDT 2003


On Thu, 2003-05-29 at 14:07, Matt Kettler wrote:
> If you can unconditionally prove it is a legitimate attack, then feel free 
> to automate.. but abuse should not be abused by carpet bombing it with 
> "hunches" and "I think this may be an attack" from automated systems. The 
> "maybe" cases should be hand written.

Not just hunches. Even if it is valid, there needs to be some throttle
(perhaps a limit of one email per offending IP). Otherwise an automated
system would fire off an email every time an attack occurs, even if
legitimate.

Frank

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 187 bytes
Desc: This is a digitally signed message part
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20030529/193cf7f1/attachment.sig>


More information about the Snort-users mailing list