Snort mailing list archives
active response + managing sensors
From: "Marcin Laskowski" <cineklas () wp pl>
Date: Wed, 24 Mar 2004 09:20:47 +0100
Hi,

I want to configure Snort to reconfigure the firewall when there is an attack from some IP. How should I do it? I read something about Snortsam, but I don't think it's the best choice (there have to be 2 network interfaces - I have only eth0). I think that guardian would be better because my Snort works as HIDS. What do you think?

The second problem is that I would like to have a few sensors in my local network, so they could detect attacks and log everything into a database server (mysql). I have ACID installed, but I read somewhere that there is a possibility to manage snort rules and other options using ACID via http. How can I do it?

The third problem is with iptables - how should I configure rules in the sensors? Block all ports except the one which snort will use to log to the mysql server?

-------------------------------------------
Best Regards,
Marcin Laskowski