Snort mailing list archives

Previous By Date Next
Previous By Thread Next

(no subject)

From: "Marc Quibell" <mquibell () fbfs com>
Date: Mon, 4 Aug 2003 13:02:56 -0500


I've seen the "Snort threshold email" alerts posted here before, and would like
to see anyone's BEST config to accomplish threshold email alerts.

What would also be cool is automatic Abuse notifications to ISPs and IP holders
from Snort alerts. i.e.: I get 250 port scans from IP A, and I have Snort
configured so that if I get so many alerts per second or if I get certain types
of alerts, this program would do an ARIN lookup of the IP owner and send off the
log to them.

I guess one poin tof this would be that since most of our Abuse reports get
ignored, we don't have to waste any time on it either. Comments? TIA!

Marc




-------------------------------------------------------
This SF.Net email sponsored by: Free pre-built ASP.NET sites including
Data Reports, E-commerce, Portals, and Forums are available now.
Download today and enter to win an XBOX or Visual Studio .NET.
http://aspnet.click-url.com/go/psa00100003ave/direct;at.aspnet_072303_01/01
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: