[Snort-users] Automatically block IP on firewall box from snort IDS

Pratik Narang pratik.cse.bits at ...11827...
Tue Sep 18 07:15:55 EDT 2012


Isnt Snortsam functionality already there in Barnyard2 ??


On Tue, Sep 18, 2012 at 4:41 PM, Kevin Ross <kevross33 at ...14012...>wrote:

> Use snortsam for this http://www.snortsam.net/
>
> Regards,
> Kevin
>
>
> On 18 September 2012 10:40, ML mail <mlnospam at ...131...> wrote:
>
>> Hello,
>>
>> I have a network configuration where I run snort separately on a
>> dedicated Linux box and have therefore another OpenBSD box which is
>> dedicated to the firewall task. Now because these two security tasks are
>> not on the same physical machine I was wondering how can I automatically
>> block on my OpenBSD firewall specific events which happens on my snort box?
>>
>> For example, I see some brute force SSH login attemps to my network
>> coming from a specific external IP. Here I would like to block that
>> external IP on my OpenBSD firewall for let's say 1 hour. What would be the
>> best solution to do that?
>>
>> Thanks for your suggestions.
>>
>> Best,
>> ML
>>
>>
>> ------------------------------------------------------------------------------
>> Live Security Virtual Conference
>> Exclusive live event will cover all the ways today's security and
>> threat landscape has changed and how IT managers can respond. Discussions
>> will include endpoint security, mobile security and the latest in malware
>> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
>> _______________________________________________
>> Snort-users mailing list
>> Snort-users at lists.sourceforge.net
>> Go to this URL to change user options or unsubscribe:
>> https://lists.sourceforge.net/lists/listinfo/snort-users
>> Snort-users list archive:
>> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>>
>> Please visit http://blog.snort.org to stay current on all the latest
>> Snort news!
>>
>
>
>
> ------------------------------------------------------------------------------
> Live Security Virtual Conference
> Exclusive live event will cover all the ways today's security and
> threat landscape has changed and how IT managers can respond. Discussions
> will include endpoint security, mobile security and the latest in malware
> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
> Please visit http://blog.snort.org to stay current on all the latest
> Snort news!
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20120918/565b9f06/attachment.html>


More information about the Snort-users mailing list