
Snort is running, now what ?


Archived from groups: comp.security.firewalls

 

Greetings,

Here is my LAN:

Router
-> Machine 1 with port 22 open (linux)
-> Machine 2 with port 80 open (linux)

I put snort on Machine 2 to detect hack attempts on the webserver.

Say someone tries to hack my Apache, Snort fills an entry in the alert
file.
OK.

Now, how can I take active measures?
I thought of doing the following, but maybe this was done already:
Snort sends a packet to a socket to a program listening on the
port.
The program adds the IP address to the /etc/hosts.deny file.

Is that enough?
Does a program doing this already exist?
Can Snort do it itself? (I am currently reading the Snort
documentation but didn't find anything yet.)

thanks for your help
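
The alert-to-block idea described in the post, as an added example (not part of the original post and not Snort's own code): it parses alerts in Snort's "fast" layout and renders `/etc/hosts.deny` entries for repeat high-priority sources. The sample alert lines, addresses, threshold and allowlist are constructed assumptions; note that `/etc/hosts.deny` is only consulted by services using TCP wrappers, which a stock Apache does not, so for the web server the same address list would have to feed a packet filter instead.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines in Snort's "fast" alert layout (not from the post).
SAMPLE_ALERTS = """\
08/12-14:03:21.123456  [**] [1:1000001:1] Constructed web rule A [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 203.0.113.45:51234 -> 192.168.1.20:80
08/12-14:03:22.000100  [**] [1:1000001:1] Constructed web rule A [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 203.0.113.45:51240 -> 192.168.1.20:80
08/12-14:03:25.500000  [**] [1:1000002:1] Constructed web rule B [**] [Priority: 2] {TCP} 198.51.100.7:40000 -> 192.168.1.20:80
08/12-14:04:01.000000  [**] [1:1000001:1] Constructed web rule A [**] [Priority: 1] {TCP} 192.168.1.1:33000 -> 192.168.1.20:80
08/12-14:04:02.000000  [**] [1:1000003:1] Constructed ICMP rule [**] [Priority: 3] {ICMP} 203.0.113.45 -> 192.168.1.20
garbage line that is not an alert
"""

ALERT_RE = re.compile(
    r"\[Priority: (?P<prio>\d+)\] \{(?P<proto>\w+)\} "
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3})(?::\d+)? -> ")

def sources_to_block(alert_text, allowlist, max_priority=1, threshold=2):
    """Return sorted source IPs with >= threshold alerts at priority <= max_priority."""
    nets = [ipaddress.ip_network(n) for n in allowlist]
    hits = Counter()
    for line in alert_text.splitlines():
        m = ALERT_RE.search(line)
        if not m or int(m["prio"]) > max_priority:
            continue  # unparsable line, or alert not severe enough to act on
        try:
            ip = ipaddress.ip_address(m["src"])
        except ValueError:
            continue  # matched the pattern but is not a valid address
        if any(ip in n for n in nets):
            continue  # never block the router, the LAN or admin hosts
        hits[ip] += 1
    return sorted(str(ip) for ip, n in hits.items() if n >= threshold)

def hosts_deny_lines(ips, existing=""):
    """Render 'ALL: <ip>' lines, skipping addresses already present."""
    present = set(re.findall(r"^ALL:\s*(\S+)", existing, re.M))
    return [f"ALL: {ip}" for ip in ips if ip not in present]

if __name__ == "__main__":
    blocked = sources_to_block(SAMPLE_ALERTS, allowlist=["192.168.1.0/24"])
    print("\n".join(hosts_deny_lines(blocked)))
```

The threshold and allowlist are there so that a single false positive, or an alert triggered from an address you depend on, does not lock out legitimate traffic.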
