[Snort-users] Firing off Abuse email based on Snort Traffic

Nicholas Delo ndelo at ...9245...
Thu May 29 16:06:06 EDT 2003


This perl proggy should do what you want. 

http://securityfocus.com/tools/1959

However, I must admit, like everyone else here, I really don't think
this is a viable solution or good business practice. After having looked
this program over, I don't really think it is worth much, since it will
only trigger incident reports based upon the number of appearances an IP
makes within your snort logs, as opposed to being triggered by actual
snort signatures you consider to be serious alerts. 

--ndelo

-----Original Message-----
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of Matt
Howell
Sent: Thursday, May 29, 2003 1:45 PM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] Firing off Abuse email based on Snort Traffic

All...

We are starting to really see the benefit of our Snort deployment
project, and inevitably the project's scope has been expanded.  We would
like to set up a Sensor to automatically send Abuse emails to the ISP of
any hosts that break our Portscan threshold.   Has anyone seen a project
/ product out there that does this already?

Any input would be appreciated...

TIA,

-Matt
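
The distinction raised in the reply above (counting how often an IP appears in the logs versus triggering on the signatures you consider serious), as an added example that is not part of the thread and is not the code of the linked tool. The alert lines, the gid:sid values and the function names are constructed for illustration; the layout assumed is Snort's alert_fast line format.

```python
import re
from collections import Counter

# Constructed sample alerts in alert_fast layout (addresses are documentation ranges).
SAMPLE_ALERTS = """\
05/29-13:40:01.100000  [**] [1:1000001:1] EXAMPLE low-priority probe [**] [Classification: Misc activity] [Priority: 3] {ICMP} 192.0.2.10 -> 198.51.100.5
05/29-13:40:02.100000  [**] [1:1000001:1] EXAMPLE low-priority probe [**] [Classification: Misc activity] [Priority: 3] {ICMP} 192.0.2.10 -> 198.51.100.5
05/29-13:40:03.100000  [**] [1:1000001:1] EXAMPLE low-priority probe [**] [Classification: Misc activity] [Priority: 3] {ICMP} 192.0.2.10 -> 198.51.100.5
05/29-13:40:04.100000  [**] [1:1000001:1] EXAMPLE low-priority probe [**] [Classification: Misc activity] [Priority: 3] {ICMP} 192.0.2.10 -> 198.51.100.6
05/29-13:41:00.200000  [**] [1:1000002:1] EXAMPLE serious exploit attempt [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 203.0.113.7:4431 -> 198.51.100.5:80
"""

# Captures generator id, signature id and source address of one alert line.
ALERT_RE = re.compile(
    r"\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):\d+\]\s+.*?\s+\[\*\*\]"
    r".*?\{[^}]+\}\s+(?P<src>\d+\.\d+\.\d+\.\d+)(?::\d+)?\s+->\s+"
)

def parse(text):
    """Yield ((gid, sid), source_ip) for every line that looks like an alert."""
    for line in text.splitlines():
        m = ALERT_RE.search(line)
        if m:
            yield (int(m["gid"]), int(m["sid"])), m["src"]

def by_count(text, threshold):
    """Count-only selection: any source seen at least `threshold` times."""
    counts = Counter(src for _, src in parse(text))
    return sorted(ip for ip, n in counts.items() if n >= threshold)

def by_signature(text, serious, threshold=1):
    """Signature-based selection: only alerts whose (gid, sid) is in `serious` count."""
    counts = Counter(src for sig, src in parse(text) if sig in serious)
    return sorted(ip for ip, n in counts.items() if n >= threshold)

if __name__ == "__main__":
    # Count-only reporting flags the noisy low-priority source and misses the serious one.
    print("by count:    ", by_count(SAMPLE_ALERTS, 3))
    # Reporting keyed on a reviewed signature list flags only the serious source.
    print("by signature:", by_signature(SAMPLE_ALERTS, {(1, 1000002)}))
```

Either list would still need a human review step before any report leaves the site, since source addresses in alerts can be spoofed.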