Snort mailing list archives
Somewhat OT but RE:Abuse
From: "Madziarczyk, Jonathan" <than () cityofevanston org>
Date: Wed, 10 Oct 2001 09:50:39 -0500
Hey guys, This is kind of a big question, I realize a lot of it depends on my company's policy, but even your own procedures would be good to hear..... Okay, so I set up snort and I do find "people" are trying to hack into my web site or anything else for that matter. What do I then do? I've got an IP address, now what? I realize ping -a or something like that, but what if DNS doesn't resolve? Do any of you have a typical procedure you do? Blocking the IP address is obviously a mixed bag (especially if it's a bot). Any suggestions or ideas on where to look for this info would be great, and very appreciated! Sincerely, JonM
Current thread:
- Somewhat OT but RE:Abuse Madziarczyk, Jonathan (Oct 10)
- Re: Somewhat OT but RE:Abuse Chuck Morford (Oct 10)
- Re: Somewhat OT but RE:Abuse Andreas Östling (Oct 10)
- Re: Somewhat OT but RE:Abuse Chuck Morford (Oct 10)