Snort mailing list archives
RE: Blocking individual IP's
From: Frank Knobbe <fknobbe () knobbeits com>
Date: 13 Apr 2002 16:43:51 -0500
On Thu, 2002-04-11 at 09:23, Ronneil Camara wrote:
> It's nice to hear that Snort can talk to Checkpoint. There is actually one, snortsam. But you would never want legitimate or trusted parties not to talk to your network anymore. What I meant was ip spoofing. Someone can just pretend that they're coming from this network. I would suggest you do the blocking manually.

Hey Ronneil, that's why SnortSam has the DONTBLOCK statements so you can prevent the accidental block of vital networks.

To James: I would continue to block for short durations with SnortSam. If you recognize evil IP's repeatedly, block those manually with rules on your FW-1 (One of my first rules is KnownScanners / any / any / drop / nolog).

Regards,
Frank
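
Added example, not part of the original message and not SnortSam code: a Python sketch of the policy discussed in this thread, where alert sources inside a don't-block list are never blocked, other sources get a short timed block, and sources that keep earning blocks are listed for a manual firewall rule. The networks, the 300-second duration, the threshold of 3 and the sample alerts are constructed assumptions.

```python
import ipaddress
from collections import Counter

# Hypothetical policy values (assumptions, not SnortSam defaults).
DONTBLOCK = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "198.51.100.53/32")]
BLOCK_SECONDS = 300      # short automatic block
REPEAT_THRESHOLD = 3     # blocks earned before flagging for a manual rule

def is_protected(ip, dontblock=DONTBLOCK):
    """True if the address falls inside any don't-block network."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in dontblock)

def plan_blocks(alerts, now, dontblock=DONTBLOCK):
    """alerts: iterable of (unix_seconds, src_ip).
    Returns (blocks active at `now`, protected sources skipped,
    sources to review for a permanent manual rule)."""
    expiry = {}               # src -> time the current block ends
    times_blocked = Counter()
    skipped = set()
    for ts, src in sorted(alerts):
        if is_protected(src, dontblock):
            # A spoofed alert naming a vital network must not cut it off.
            skipped.add(src)
            continue
        if expiry.get(src, 0) <= ts:      # no block in force: start one
            expiry[src] = ts + BLOCK_SECONDS
            times_blocked[src] += 1
    active = {ip: t for ip, t in expiry.items() if t > now}
    review = sorted(ip for ip, n in times_blocked.items() if n >= REPEAT_THRESHOLD)
    return active, sorted(skipped), review

# Constructed sample alerts: (seconds, source address).
SAMPLE_ALERTS = [
    (0, "203.0.113.7"),
    (10, "192.0.2.10"),     # source inside a protected network
    (60, "203.0.113.7"),    # already blocked, no new block
    (400, "203.0.113.7"),
    (800, "203.0.113.7"),
    (900, "198.51.100.53"), # protected single host
    (950, "203.0.113.99"),
]

if __name__ == "__main__":
    active, skipped, review = plan_blocks(SAMPLE_ALERTS, now=1000)
    print("active:", active)
    print("skipped (don't-block):", skipped)
    print("review for manual rule:", review)
```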