Snort mailing list archives
RE: writing to log file and running a script at once???
From: Omolayo Salako <OSalako () corp goamerica net>
Date: Mon, 22 Apr 2002 18:26:32 -0400
I am not so sure you really wanna do that. If you don't want people to go to Yahoo, simply block Yahoo's address at your firewall or edge router, but having something telnetting to your router and updating access lists on the fly does not seem like a good idea to me. Just imagine the things that can go wrong.

I am not saying this is not totally possible. If you are really bent on doing this and you are in a Cisco environment, I would say look into CiscoWorks. You can hack it to allow your script to update the access list on CiscoWorks and have CiscoWorks update the router; that, I think, is a safer route. That by itself is even complex, especially if you have multiple exits into the internet: you have to build intelligence into your script to know which router to ask CiscoWorks to update.

I think just blocking addresses is a safer option; remember the KISS principle. The final call is yours anyway.

-----Original Message-----
From: Lookman Fazal [mailto:fazall () research avayalabs com]
Sent: Monday, April 22, 2002 4:02 PM
To: snort-users () lists sourceforge net
Cc: 'Lookman Fazal'
Subject: [Snort-users] writing to log file and running a script at once???

Hello All,

I have snort (1.8.3) running on linux. The linux machine is connected on the mirror port and monitoring traffic just fine. For example, when someone goes to yahoo, it creates a directory with the sender's IP address in the /var/log/snort directory.

Now what I want to do is, when it writes the sender's IP address in this /var/log/snort directory, I want to at the same time run a script, which will take the sender's IP address and telnet to my router and add an access-list to deny this sender. I can work on the script; how do I do the other part? Is there a way to do this?

Any help will be greatly appreciated

--Fazal

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
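
An added example, not part of the original messages or of Snort: one way to act on the per-sender directories Snort writes under /var/log/snort while keeping the caution raised in the reply, by producing candidate Cisco deny lines for a person to review instead of pushing them to a router. The protected range, ACL number 101, per-run cap and function names are assumptions, and the directory names in the demo are constructed.

```python
import ipaddress
import os
import tempfile

# Assumed: hosts that must never be denied (router, IDS, admin stations).
PROTECTED = [ipaddress.ip_network("192.0.2.0/28")]
MAX_NEW_ENTRIES = 5  # assumed cap per run, so a burst of alerts cannot flood the ACL


def sender_dirs(log_dir):
    """Return IPv4 addresses that appear as directory names under log_dir."""
    found = []
    for name in sorted(os.listdir(log_dir)):
        if not os.path.isdir(os.path.join(log_dir, name)):
            continue  # plain files such as the alert file are not senders
        try:
            found.append(ipaddress.IPv4Address(name))
        except ValueError:
            continue  # directory name is not an address, ignore it
    return found


def propose_acl(log_dir, already_blocked, acl_number=101):
    """Build candidate deny lines for review; nothing is sent to a router."""
    lines, skipped = [], []
    for ip in sender_dirs(log_dir):
        if str(ip) in already_blocked:
            continue  # do not emit duplicate entries
        if any(ip in net for net in PROTECTED) or ip.is_loopback or ip.is_multicast:
            skipped.append(str(ip))  # blocking these would cut off our own hosts
            continue
        if len(lines) >= MAX_NEW_ENTRIES:
            skipped.append(str(ip))  # over the cap: leave for a human to decide
            continue
        lines.append(f"access-list {acl_number} deny ip host {ip} any")
    return lines, skipped


def demo():
    """Run against a constructed log directory (sample names, not real data)."""
    with tempfile.TemporaryDirectory() as d:
        for name in ("198.51.100.7", "192.0.2.1", "203.0.113.9", "not-an-ip"):
            os.mkdir(os.path.join(d, name))
        open(os.path.join(d, "alert"), "w").close()
        return propose_acl(d, already_blocked={"203.0.113.9"})


if __name__ == "__main__":
    print(demo())
```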