Snort mailing list archives

RE: writing to log file and running a script at once???


From: Omolayo Salako <OSalako () corp goamerica net>
Date: Mon, 22 Apr 2002 18:26:32 -0400

I am not so sure you really wanna do that. If you don't want people to go to
Yahoo, simply block Yahoo's address at your firewall or edge router, but
having something telnetting to your router and updating access lists on the
fly does not seem like a good idea to me. Just imagine the things that can go
wrong. I am not saying this is not totally possible. If you are really bent on
doing this and you are in a Cisco environment, I would say look into Cisco
Works; you can hack it to allow your script to update the access list on Cisco
Works and have Cisco Works update the router. That, I think, is a safer
route. That by itself is even complex, especially if you have multiple
exits to the Internet; you have to build intelligence into your script to know
which router to ask Cisco Works to update. I think just blocking addresses
is a safer option; remember the KISS principle. The final call is yours
anyway.


-----Original Message-----
From: Lookman Fazal [mailto:fazall () research avayalabs com]
Sent: Monday, April 22, 2002 4:02 PM
To: snort-users () lists sourceforge net
Cc: 'Lookman Fazal'
Subject: [Snort-users] writing to log file and running a script at
once???


Hello All

I have snort (1.8.3) running on linux.  The linux machine is connected
on the mirror port and monitoring traffic just fine.  For example, when
someone goes to yahoo, it creates a directory with the sender's IP
address in /var/log/snort directory

Now what I want to do is, when it writes the sender's IP address in this
/var/log/snort directory I want to, at the same time run a script, which
will take the sender's IP address and telnet to my router and add an
access-list to deny this sender. I can work on the script, how do I do
the other part?

Is there a way to do this?  Any help will be greatly appreciated

--Fazal


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
