Snort mailing list archives
Re: Blocking not friendly traffic
From: Jeff <jeff () delnoch net>
Date: Tue, 7 Aug 2001 02:11:27 -0400 (EDT)
Snort is just intrusion detection, and needs to be used in conjunction with a firewall product such as IPF/IPFW/IPTABLES/FW-1 (the list goes on). and, I would also suggest patching your IIS server to prevent reinfection. Jeff
Hello I try defend my network from CodeRedI/II. How I do it. I use following: 1. alert tcp any any -> any 80 (msg:" ...bla bla bla ...;resp:rst_all;) ^^^^^^^^^^^^ 2. alert tcp any any -> any 80 (msg:" ...bla bla bla ...;react:block;) ^^^^^^^^^^^ 3. I did find and try to use `hogwash': drop tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg: .......) ^^^^ Nothing ... After some time my IIS5+Index server again infected. Question: with snort I can block this traffic or not? Or I must use normal firewall (like Firewall-1 or other firewall)??? Sincerely yours, Lazarev Dim Technical support /Vgroup Ltd 30, Planetnay Str., 630015, Novosibirsk, Russia Tel.: +7 383 279 73 86 E-mail: support () vgroup ru http://www.vgroup.ru _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Blocking not friendly traffic Лазарев Дмитрий (Aug 06)
- Re:Blocking not friendly traffic Shaiful (Aug 06)
- Re: Blocking not friendly traffic Jeff (Aug 06)
- Re: Blocking not friendly traffic Ralf Hildebrandt (Aug 06)
- Re: Blocking not friendly traffic Ralf Hildebrandt (Aug 06)