[Snort-users] Firing off Abuse email based on Snort Traffic
fknobbe at ...652...
Thu May 29 14:17:06 EDT 2003
On Thu, 2003-05-29 at 14:07, Matt Kettler wrote:
> If you can unconditionally prove it is a legitimate attack, then feel free
> to automate.. but abuse should not be abused by carpet bombing it with
> "hunches" and "I think this may be an attack" from automated systems. The
> "maybe" cases should be hand written.
Not just hunches. Even if it is valid, there needs to be some throttle
(perhaps a limit of one email per offending IP). Otherwise an automated
system would fire off an email every time an attack occurs, even if
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 187 bytes
Desc: This is a digitally signed message part
More information about the Snort-users