Snort mailing list archives
HELP: Configuring IPTABLES on SnortSam blocking agent
From: Rachmat Hidayat Al-Anshar <rachmat_hidayat_02 () yahoo com>
Date: Sun, 18 Nov 2007 00:19:15 -0800 (PST)
Hi again guys,

I am a little confused by Fabrizio's statement on how we set the IPTABLES to make the snortsam agent effectively block the bad IP addresses that have been delivered by the snortsam output plugin on the snort machine.

BLOCK COMMAND:
    /sbin/iptables -I FORWARD -i %s -s %s -j DROP
    /sbin/iptables -I INPUT -i %s -s %s -j DROP

UNBLOCK COMMAND:
    /sbin/iptables -D FORWARD -i %s -s %s -j DROP
    /sbin/iptables -D INPUT -i %s -s %s -j DROP

note:
    -i = interface to block the bad IP address
    -s = remote source IP address to be blocked

There is no problem at all with the "-i" switch; the thing that is bothering me is the "-s" switch. How can I issue the bad IP address? In fact, the snortsam output plugin on the snort machine just sends the "src" containing the bad IP address that was detected by snort. We are talking about random and dynamic IP addresses, aren't we?

So, what do you think, guys? What should I do?