Snort mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Firing off Abuse email based on Snort Traffic

From: "Nicholas Delo" <ndelo () limcollege edu>
Date: Thu, 29 May 2003 19:05:13 -0400
This perl proggy should do what you want. 

http://securityfocus.com/tools/1959

However, I must admit, like everyone else here, I really don't think
this is a viable solution or good business practice. After having looked
this program over, I don't really think it is worth much, since it will
only trigger incident reports based upon the number of appearances an IP
makes within your snort logs, as opposed to being triggered by actual
snort signatures you consider to be serious alerts. 

--ndelo

-----Original Message-----
From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net] On Behalf Of Matt
Howell
Sent: Thursday, May 29, 2003 1:45 PM
To: snort-users () lists sourceforge net
Subject: [Snort-users] Firing off Abuse email based on Snort Traffic

All...

We are starting to really see the benefit of our Snort deployment
project, and inevitably the project's scope has been expanded.  We would
like to set up a Sensor to automatically send Abuse emails to the ISP of
any hosts that break our Portscan threshold.   Has anyone seen a project
/ product out there that does this already?

Any input would be appreciated...

TIA,

-Matt





-------------------------------------------------------
This SF.net email is sponsored by: eBay
Get office equipment for less on eBay!
http://adfarm.mediaplex.com/ad/ck/711-11697-6916-5
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Attachment: Nicholas Delo (ndelo@limcollege.edu).vcf
Description:

Previous By Date Next
Previous By Thread Next

Current thread: