Snort mailing list archives
how to block outgoing hacking scans?
From: lope <lopeonline () gmail com>
Date: Fri, 6 May 2016 12:28:20 +0800
Hi, I want to provide a BASIC free wifi service. I want to block illegal/unwanted outgoing traffic. My experience + Very familiar with IPTABLES and IPSETs / A little experience using fail2ban - Never used snort To make things easier I'll block all outgoing ports except 53, 80 443 I may potentially also allow email ports: 995 993 587 465I don't care about people not being able to do some legitemate stuff that uses other ports, this will just be a BASIC service, with the emphasis on making it easy for me to prevent/reduce abuse.
*Can you please suggest what software to use for the following?* Any other information you can provide will be much appreciated.Are there any specific steps or relevant settings that need to be set to achieve these things?
I'm looking for a quick way to get started, because I've got no clue where to start to achieve the following:
Block 1: Illegal traffic I'd like to block* Hacking/Scans (like searching for website vulnerabilities), hammering wordpress login pages etc.
Block 2: Unwanted traffic I'd like to block * avi,mp4,mp3,mk4,zip,exe,rar,7z,.torrent etc * HTTP/HTTPS connections carrying more than x MB > Temp ban. Any other stuff you suggest I block?
------------------------------------------------------------------------------ Find and fix application performance issues faster with Applications Manager Applications Manager provides deep performance insights into multiple tiers of your business applications. It resolves application problems quickly and reduces your MTTR. Get your free trial! https://ad.doubleclick.net/ddm/clk/302982198;130105516;z
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- how to block outgoing hacking scans? lope (May 05)