[Snort-users] Firing off Abuse email based on Snort Traffic

Todd Holloway todd at ...4574...
Fri May 30 09:21:11 EDT 2003


I have not tried this program yet...but it may help.

http://freshmeat.net/projects/incident.pl/

About:
incident.pl is a small script that, when given syslogs generated by snort
or other tools, can generate an incident report for events that appear
to be attempted security attacks, gather information on the remote host,
and report the attack to the appropriate administrators.

Author:
Viraj Alankar 



todd


On Thu, May 29, 2003 at 10:44:52AM -0700, Matt Howell wrote:
> All...
> 
> We are starting to really see the benefit of our Snort deployment
> project, and inevitably the project's scope has been expanded.  We would
> like to set up a Sensor to automatically send Abuse emails to the ISP of
> any hosts that break our Portscan threshold.   Has anyone seen a project
> / product out there that does this already?
> 
> Any input would be appreciated...
> 
> TIA,
> 
> -Matt

-- 
The most likely way for the world to be destroyed, most experts agree,
is by accident. That's where we come in. We're computer professionals. We
cause accidents.

		Nathaniel Borenstein, inventor of MIME.
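
An added example (not from the post and not incident.pl's own code) of the workflow the About text describes: it reads Snort syslog alerts, groups them by source address and drafts one report per source. The log layout, the sample lines, the function names and the min_events cutoff are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in an assumed Snort syslog alert layout (not real traffic).
SAMPLE_SYSLOG = """\
May 29 10:41:02 sensor1 snort: [100:1:1] spp_portscan: PORTSCAN DETECTED from 192.0.2.77 (THRESHOLD 4 connections exceeded in 0 seconds)
May 29 10:41:09 sensor1 snort: [1:469:1] ICMP PING NMAP [Classification: Attempted Information Leak] [Priority: 2]: {ICMP} 192.0.2.77 -> 10.1.1.5
May 29 10:42:30 sensor1 snort: [1:1418:2] SNMP request tcp [Classification: Attempted Information Leak] [Priority: 2]: {TCP} 192.0.2.77:4312 -> 10.1.1.9:161
May 29 10:43:11 sensor1 sshd[411]: Accepted publickey for ops from 10.1.1.20 port 50022 ssh2
May 29 10:44:52 sensor1 snort: [1:469:1] ICMP PING NMAP [Classification: Attempted Information Leak] [Priority: 2]: {ICMP} 198.51.100.9 -> 10.1.1.5
"""

HEAD = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ snort(?:\[\d+\])?: \[(\d+:\d+:\d+)\] (.*)$")
FLOW = re.compile(r"^(.+?) \[.*\]: \{(\w+)\} ([\d.]+)(?::\d+)? -> ([\d.]+)(?::\d+)?$")
SCAN = re.compile(r"^spp_portscan: PORTSCAN DETECTED from ([\d.]+)")

def parse_alerts(text):
    """Group Snort alerts by source IP as (time, sid, message, target) tuples."""
    by_source = defaultdict(list)
    for line in text.splitlines():
        head = HEAD.match(line)
        if not head:
            continue  # entry from another daemon, not a Snort alert
        stamp, sid, rest = head.groups()
        scan, flow = SCAN.match(rest), FLOW.match(rest)
        if scan:
            by_source[scan.group(1)].append((stamp, sid, "portscan threshold exceeded", None))
        elif flow:
            msg, proto, src, dst = flow.groups()
            by_source[src].append((stamp, sid, f"{msg} ({proto})", dst))
    return dict(by_source)

def draft_reports(by_source, min_events=2):
    """Draft one report per source; min_events is a hypothetical cutoff."""
    reports = {}
    for src, events in by_source.items():
        if len(events) < min_events:
            continue
        body = [f"Subject: Suspicious traffic from {src}", "",
                f"{len(events)} alerts were logged for {src}.",
                "Times are sensor-local syslog stamps; the log carries no year or zone.", ""]
        body += [f"{t}  [{sid}]  {msg}" + (f"  -> {dst}" if dst else "")
                 for t, sid, msg, dst in events]
        reports[src] = "\n".join(body)
    return reports

if __name__ == "__main__":
    for report in draft_reports(parse_alerts(SAMPLE_SYSLOG)).values():
        print(report, end="\n\n")
```

The drafts are returned as text rather than mailed, so an analyst can check each one before it goes to an abuse contact.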



