Snort mailing list archives
Guardian 1.3.0
From: Steven () heimann com au
Date: Wed, 15 Aug 2001 08:37:27 +1000
I am new to Snort and still feeling my way around. Guardian seemed like a logical addition to Snort and I have been trying to get it working over the last few days.

Is anyone else running Guardian 1.3.0 with ipchains? Guardian.pl doesn't seem to have the correct syntax for ipchains rule insertion. It thinks it is blocking IP addresses but it is not. My Perl is very weak, but I think Guardian is not using a rule number for the insertion. This would be very dependent on the existing ruleset. I suppose all deny rules could go at the top of the list, but I can't tell how Guardian is trying to track what rule number it has used for each IP address blocked.

Without sitting down and trying to rewrite guardian.pl, does anyone have a quick fix?

What other methods do people use to block IP addresses that have offended Snort? From what I can gather, Flex-response may be the way of the future but is not yet ready for production use. (I may well be completely wrong on this point.)

regards
Steven