[CLUE-Tech] Auto blocking hosts w/ iptables

Hani Duwaik hduwaik at yahoo.com
Thu Jul 29 14:16:24 MDT 2004


--- Chris Schock <black at clapthreetimes.com> wrote:

> Definitely look at Snort, it DOES have that ability and is probably a lot
> more flexible as well. I just read the docs on it and that new
> functionality is very impressive - you can automatically reset their
> connections, log what they're doing for forensics, etc.
> 
> It's been a couple years since I've used portsentry but one of the reasons
> I stopped using it is because I had it set fairly paranoid and locked
> myself out of my own gear while on the road more than once. While I'm not
> blaming portsentry for this, I do believe snort gives you more control.
> 

I just found information on the 'Snort_Inline'
(http://snort-inline.sourceforge.net/) which seems to provide Snort
with the ability to actively respond to intrusion attempts. 
Additionally, since the response code is written in Perl, it seems it
can be modified to respond in any way I so choose. Sounds promising :)

Thanks,

-Hani


		


