[Snort-users] DROP connections?

From: /dev/null <dev.null(at)beginthread.com>
Date: Sat Apr 12 2003 - 04:03:34 EDT

I have snort running and love it. It's running on a firewall/gateway box. I've read the FAQ and searched the web but can't seem to see an already-invented way of doing this, but I think surely someone else has it working already.

Right now when snort detectes something (like nimda for example), I'd like to do two things, (1) add the offending IP to my iptables DROP list and (2) add the offending IP to a config file that is used to build the iptables rules at bootup. I have the script already, I just need a way to have it triggered as soon as snort posts the alert.

Thanks!

---

This SF.net email is sponsored by: Etnus, makers of TotalView, The debugger for complex code. Debugging C/C++ programs can leave you feeling lost and disoriented. TotalView can help you find your way. Available on major UNIX and Linux platforms. Try it free. www.etnus.com

---

Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users Received on Sat Apr 12 04:13:31 2003