Snort mailing list archives

how to block outgoing hacking scans?


From: lope <lopeonline () gmail com>
Date: Fri, 6 May 2016 12:28:20 +0800

Hi,

I want to provide a BASIC free wifi service.

I want to block illegal/unwanted outgoing traffic.

My experience
+ Very familiar with IPTABLES and IPSETs
/ A little experience using fail2ban
- Never used snort

To make things easier I'll block all outgoing ports except 53, 80, 443.
I may potentially also allow email ports: 995 993 587 465
I don't care about people not being able to do some legitimate stuff that uses other ports, this will just be a BASIC service, with the emphasis on making it easy for me to prevent/reduce abuse.

*Can you please suggest what software to use for the following?*
Any other information you can provide will be much appreciated.
Are there any specific steps or relevant settings that need to be set to achieve these things?

I'm looking for a quick way to get started, because I've got no clue where to start to achieve the following:

Block 1: Illegal traffic I'd like to block
* Hacking/Scans (like searching for website vulnerabilities), hammering WordPress login pages etc.

Block 2: Unwanted traffic I'd like to block
* avi,mp4,mp3,mk4,zip,exe,rar,7z,.torrent etc
* HTTP/HTTPS connections carrying more than x MB > Temp ban.

Any other stuff you suggest I block?
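
The egress policy described in the post (outgoing ports 53, 80 and 443 only, plus a temporary ban for clients whose HTTP/HTTPS connections carry more than x MB), written out as an added example that is not part of the original message or of any reply. The interface name, the 500 MB cap, the one-hour ban and the set name `overquota` are assumptions.

```sh
#!/bin/sh
# Added example, not from the original post. Emits an ipset command and an
# iptables-restore ruleset for a guest-Wi-Fi gateway; it changes nothing itself.
GUEST_IF="${GUEST_IF:-wlan0}"      # guest-side interface (assumed name)
CAP_MB="${CAP_MB:-500}"            # the post's "x MB" (value chosen here)
BAN_SECS="${BAN_SECS:-3600}"       # length of the temporary ban (assumed)
TCP_PORTS="${TCP_PORTS:-80,443}"   # append 995,993,587,465 to allow mail

# Set whose entries expire by themselves, which gives the "temp ban".
gen_ipset() {
  echo "ipset create overquota hash:ip timeout $BAN_SECS -exist"
}

# connbytes needs conntrack accounting: sysctl net.netfilter.nf_conntrack_acct=1
gen_rules() {
  cap=$(( CAP_MB * 1024 * 1024 ))
  in="-A FORWARD -i $GUEST_IF"
  cat <<EOF
*filter
:FORWARD DROP [0:0]
# A client packet on a connection that has moved more than the cap (both
# directions counted) puts the client address into the ban set.
$in -p tcp -m multiport --dports $TCP_PORTS -m connbytes --connbytes ${cap}: --connbytes-dir both --connbytes-mode bytes -j SET --add-set overquota src --timeout $BAN_SECS
# Banned clients are cut off in both directions until the entry expires.
$in -m set --match-set overquota src -j DROP
-A FORWARD -o $GUEST_IF -m set --match-set overquota dst -j DROP
# Replies and follow-up packets of connections that were allowed to start.
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# New connections: DNS plus the allowed TCP ports; the DROP policy takes the rest.
$in -p udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
$in -p tcp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
$in -p tcp -m multiport --dports $TCP_PORTS -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}

# Usage: sh guest-egress.sh ipset | sh
#        sh guest-egress.sh rules | iptables-restore --test
# Without --noflush, iptables-restore replaces the whole filter table.
case "${1:-}" in
  ipset) gen_ipset ;;
  rules) gen_rules ;;
esac
```

This covers only the port allow-list and the per-connection volume ban from Block 2; the scan and login-hammering traffic in Block 1 travels over the allowed ports and is not addressed by these rules.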

