Snort mailing list archives
RE: firewall rules modification based on snort logs
From: John Hally <JHally () epnet com>
Date: Tue, 10 Jun 2003 08:01:49 -0400
There's also a cool little app called SnortSam (www.snortsam.net) that works on both W2K and *nix, and will work with a boatload of firewalls.

-----Original Message-----
From: Poppi, Sandro [mailto:Sandro.Poppi () wacker com]
Sent: Tuesday, June 10, 2003 6:13 AM
To: 'Gaurav Kumar'; snort-users () lists sourceforge net
Subject: AW: [Snort-users] firewall rules modification based on snort logs

You might take a look at guardian: http://www.snort.org/dl/contrib/other_tools/guardian

Looking in snort's web site's contrib section is so much fun >;)

HTH,
Sandro

hello snort user...

i was wondering if some script or tool is available to modify the firewall rules based on snort logs (i am using mysql database for snort logging). for example if someone is ping flooding my server, tool will read the logs from snort and modify the iptable rule to DENY the ip address to access my server.

Gaurav Kumar
Security Analyst
E-mail - gaurav () e2-labs com
Phone - +91-40-23555942, 23556538
Mobile- +91-40-31068650
e2 labs India
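
The log-to-firewall step asked about in the original question, as an added example that is not part of the thread and is not how SnortSam or guardian are implemented. It assumes alerts in Snort's "fast" text format rather than the MySQL output mentioned above; the sample lines, the threshold and the `ALLOWLIST` name are constructed for illustration. Because alert sources can be spoofed, it skips allowlisted addresses and only prints the rules for review.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample alerts in Snort "fast" alert format (not from the thread).
SAMPLE_ALERTS = """\
06/10-08:01:49.100000  [**] [1:384:5] ICMP PING [**] [Classification: Misc activity] [Priority: 3] {ICMP} 203.0.113.7 -> 192.0.2.10
06/10-08:01:49.200000  [**] [1:384:5] ICMP PING [**] [Classification: Misc activity] [Priority: 3] {ICMP} 203.0.113.7 -> 192.0.2.10
06/10-08:01:49.300000  [**] [1:384:5] ICMP PING [**] [Classification: Misc activity] [Priority: 3] {ICMP} 203.0.113.7 -> 192.0.2.10
06/10-08:01:50.000000  [**] [1:1000001:1] Constructed TCP alert [**] [Priority: 2] {TCP} 198.51.100.23:4312 -> 192.0.2.10:80
06/10-08:01:51.100000  [**] [1:384:5] ICMP PING [**] [Classification: Misc activity] [Priority: 3] {ICMP} 192.0.2.1 -> 192.0.2.10
06/10-08:01:51.200000  [**] [1:384:5] ICMP PING [**] [Classification: Misc activity] [Priority: 3] {ICMP} 192.0.2.1 -> 192.0.2.10
06/10-08:01:51.300000  [**] [1:384:5] ICMP PING [**] [Classification: Misc activity] [Priority: 3] {ICMP} 192.0.2.1 -> 192.0.2.10
"""

# Captures the signature ID, message, protocol and source IP (port optional).
ALERT_RE = re.compile(
    r"\[\*\*\] \[\d+:(?P<sid>\d+):\d+\] (?P<msg>.*?) \[\*\*\].*?"
    r"\{(?P<proto>\w+)\} (?P<src>\d{1,3}(?:\.\d{1,3}){3})(?::\d+)? -> "
)

# Hypothetical never-block list: own network, gateway, DNS servers and so on.
ALLOWLIST = [ipaddress.ip_network("192.0.2.0/24")]

def offenders(alert_text, threshold=3):
    """Return sorted source IPs with >= threshold alerts, minus the allowlist."""
    counts = Counter()
    for line in alert_text.splitlines():
        m = ALERT_RE.search(line)
        if not m:
            continue  # not an alert line
        try:
            src = ipaddress.ip_address(m.group("src"))
        except ValueError:
            continue  # looked like an IP but is not valid (e.g. octet > 255)
        if any(src in net for net in ALLOWLIST):
            continue  # never auto-block our own infrastructure
        counts[str(src)] += 1
    return sorted(ip for ip, n in counts.items() if n >= threshold)

def iptables_rules(ips):
    """Build (but do not run) one DROP rule per offending source address."""
    return [f"iptables -I INPUT -s {ip} -j DROP" for ip in ips]

if __name__ == "__main__":
    for rule in iptables_rules(offenders(SAMPLE_ALERTS)):
        print(rule)
```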
Current thread:
- firewall rules modification based on snort logs Gaurav Kumar (Jun 10)
- Re: firewall rules modification based on snort logs Matt Kettler (Jun 10)
- Re: firewall rules modification based on snort logs Frank Knobbe (Jun 10)
- many 'NETBIOS SMB SMB_COM_TRANSACTION Max Data Count of 0 DOS Attempt' Ciprian Badescu (Jun 11)
- Re: firewall rules modification based on snort logs Matt Kettler (Jun 11)
- Re: firewall rules modification based on snort logs Frank Knobbe (Jun 10)
- <Possible follow-ups>
- RE: firewall rules modification based on snort logs John Hally (Jun 10)
- Re: firewall rules modification based on snort logs Matt Kettler (Jun 10)