Snort mailing list archives

Re: Bad Traffic, Port


From: Martin Bündgens <mb () insidetheweb de>
Date: Thu, 25 Dec 2003 04:47:53 +0100


----- Original Message -----
From: "Josh Berry" <josh.berry () netschematics com>
To: "Martin Bündgens" <mb () insidetheweb de>
Cc: <snort-users () lists sourceforge net>
Sent: Wednesday, December 24, 2003 11:47 PM
Subject: Re: [Snort-users] Bad Traffic, Port


Are you running Snort on the IPTables machine?  If so, even though you are
blocking port 0 traffic, I believe that Snort can still see the traffic
that is coming at the box.  So, you are blocking port 0 but Snort reads
the traffic off of libpcap before it is denied by IPTables.

That's right.

Anyway, I thought about a solution. Is it possible to add an IPTables
command to a Snort rule (drop all packets from the IP which breaks the Snort
rule)? That would do it, I think, since it would stop the constant
flooding.

Regards,
Martin Bündgens.
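
One way to sketch the idea raised in this message, as an added example that is not part of the original post or of Snort itself: parse Snort fast-format alert lines, count port-0 alerts per source, and build iptables DROP commands for repeat offenders. The alert lines, addresses, threshold and allowlist are constructed assumptions, and the commands are only built, not executed.

```python
import ipaddress
import re
from collections import Counter

# Matches the tail of a Snort "fast" alert line: {PROTO} src:sport -> dst:dport
ENDPOINTS = re.compile(
    r"\{(?:TCP|UDP)\} (\d{1,3}(?:\.\d{1,3}){3}):(\d+) -> "
    r"(\d{1,3}(?:\.\d{1,3}){3}):(\d+)\s*$")

def sources_to_block(lines, allowlist=(), threshold=3):
    """Return sorted source IPs with >= threshold port-0 alerts, minus allowlist."""
    nets = [ipaddress.ip_network(n) for n in allowlist]
    hits = Counter()
    for line in lines:
        m = ENDPOINTS.search(line)
        if not m:
            continue                      # not an alert line, or no ports (ICMP)
        src, sport, _dst, dport = m.groups()
        if sport != "0" and dport != "0":
            continue                      # only the port-0 traffic from the thread
        try:
            addr = ipaddress.ip_address(src)
        except ValueError:
            continue                      # e.g. 999.1.1.1 in a corrupted line
        # Sources in a flood can be spoofed: never block our own hosts.
        if any(addr in net for net in nets):
            continue
        hits[addr] += 1
    return [str(a) for a in sorted(a for a, n in hits.items() if n >= threshold)]

def iptables_commands(ips):
    """Build (not run) one DROP rule per source, as argv lists for subprocess.run."""
    return [["iptables", "-I", "INPUT", "-s", ip, "-j", "DROP"] for ip in ips]

def sample_alerts():
    # Constructed alerts; addresses are documentation ranges, not from the thread.
    fmt = ("12/24-23:40:{:02d}.000000  [**] [1:1000001:1] constructed alert [**] "
           "[Priority: 3] {{TCP}} {}:{} -> 192.0.2.10:{}")
    rows = ([("198.51.100.7", 0, 0)] * 3 + [("192.0.2.1", 0, 0)] * 3
            + [("203.0.113.9", 0, 0)] + [("198.51.100.20", 4431, 80)] * 3)
    return [fmt.format(i, *r) for i, r in enumerate(rows)]

if __name__ == "__main__":
    for cmd in iptables_commands(sources_to_block(sample_alerts(), ["192.0.2.0/24"])):
        print(" ".join(cmd))
```

As the quoted reply notes, Snort on the same machine reads packets from libpcap before IPTables denies them, so rules built this way protect the host but do not by themselves stop Snort from seeing the traffic.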


