Snort mailing list archives
Re: Blocking not friendly traffic
From: Ralf Hildebrandt <Ralf.Hildebrandt () innominate com>
Date: Tue, 7 Aug 2001 08:20:33 +0200
On Tue, Aug 07, 2001 at 12:47:56PM +0700, ??????? ??????? wrote:
Nothing ... After some time my IIS5+Index server again infected. Question: with snort I can block this traffic or not? Or I must use normal firewall (like Firewall-1 or other firewall)???
If the alert is triggered, the packet already infected your machine. So there's little you can do. Normal firewall won't help, because it's legitimate traffic (the point of a webserver is to server webpages!) If you want servers that work, stay up, perform, and aren't rooted every other second, use Apache on OpenBSD. -- ralf.hildebrandt () innominate com innominate AG Technical Consultant Don't be afraid of what you see - Diplom-Informatiker be afraid of what you don't see! tel: +49.(0)7000.POSTFIX fax: +49.(0)30.308806-77 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Blocking not friendly traffic Лазарев Дмитрий (Aug 06)
- Re:Blocking not friendly traffic Shaiful (Aug 06)
- Re: Blocking not friendly traffic Jeff (Aug 06)
- Re: Blocking not friendly traffic Ralf Hildebrandt (Aug 06)
- Re: Blocking not friendly traffic Ralf Hildebrandt (Aug 06)