Snort mailing list archives

Guardian 1.3.0


From: Steven () heimann com au
Date: Wed, 15 Aug 2001 08:37:27 +1000

I am new to Snort and still feeling my way around.

Guardian seemed like a logical addition to Snort and I have been trying to
get it working over the last few days.  Is anyone else running Guardian
1.3.0 with ipchains?  Guardian.pl doesn't seem to have the correct syntax
for ipchains rule insertion.  It thinks it is blocking IP addresses but it
is not.  My Perl is very weak but I think Guardian is not using a rule
number for the insertion.  This would be very dependent on the existing
ruleset.  I suppose all deny rules could go at the top of the list but I
can't tell how Guardian is trying to track what rule number it has used for
each IP address blocked.

Without sitting down and trying to rewrite guardian.pl, does anyone have a
quick fix?

What other methods do people use to block IP addresses that have offended
Snort?  From what I can gather Flex-response may be the way of the future
but is not yet ready for production use.  (I may well be completely wrong
on this point)

regards
Steven


