Snort mailing list archives
Telnet alert...
From: "Syed Mohammad Talha" <talha () cbq com qa>
Date: Tue, 18 Sep 2001 13:38:29 +0300
Hi all,

I have a machine as a gateway to my network with two public and private IP addresses. I am using ipchains for the masquerading and running snort on both the interfaces and trying to secure the machines from internal and external users. Now whenever I get an alert, I am using a guardian script to block that IP for a certain period of time.

My problem is that when someone tries to telnet from an internal machine to some external machine, it picks the external machine's IP as the source, and if the user gives the wrong password it blocks the source IP, which results in stopping all the traffic for that machine for all the network users, because that script puts a deny rule in ipchains for that source address. I want to block such access but not for all for the users who are giving the wrong passwords.

Also, is there a way that I can define in snort not to put an alert for the first two failed tries?

If anyone can help in this regard.

Thanks and Regards.
Talha
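Added example, not part of the original post and not the guardian script's own code: a sketch of alert post-processing that avoids the behaviour described above by charging a failed telnet login to the client (the destination of the server's reply) and acting only on the third failure. The network range, gateway address, alert text, threshold and sample alert lines are all assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Every value below is an assumption made for this example, not from the post.
HOME_NET = ipaddress.ip_network("192.168.1.0/24")  # internal (masqueraded) range
NEVER_BLOCK = {"203.0.113.1"}                       # gateway's own public address
FAILED_LOGIN_MSG = "TELNET login incorrect"         # alert text treated specially
MAX_FAILURES = 3                                    # first two failures tolerated

# Snort "fast" alert line; the [gid:sid:rev] field is treated as optional.
ALERT_RE = re.compile(
    r"\[\*\*\]\s+(?:\[\d+:\d+:\d+\]\s+)?(?P<msg>.+?)\s+\[\*\*\].*?\{\w+\}\s+"
    r"(?P<src>[\d.]+):(?P<sport>\d+)\s+->\s+(?P<dst>[\d.]+):(?P<dport>\d+)")

# Constructed sample alerts (documentation address ranges, made-up rule ids).
SAMPLE_ALERTS = [
    "09/18-13:38:29.10 [**] [1:1000001:1] TELNET login incorrect [**] [Priority: 2] {TCP} 198.51.100.20:23 -> 192.168.1.15:1034",
    "09/18-13:38:41.20 [**] [1:1000001:1] TELNET login incorrect [**] [Priority: 2] {TCP} 198.51.100.20:23 -> 192.168.1.15:1034",
    "09/18-13:38:55.30 [**] [1:1000001:1] TELNET login incorrect [**] [Priority: 2] {TCP} 198.51.100.20:23 -> 192.168.1.15:1034",
    "09/18-13:39:02.40 [**] [1:1000001:1] TELNET login incorrect [**] [Priority: 2] {TCP} 198.51.100.20:23 -> 192.168.1.22:1040",
    "09/18-13:40:10.50 [**] [1:1000002:1] EXAMPLE scan probe [**] [Priority: 2] {TCP} 203.0.113.77:4000 -> 192.168.1.15:80",
]

def decide_blocks(lines):
    """Return (ip, reason) block decisions for a sequence of alert lines."""
    failures = defaultdict(int)
    blocks = []
    for line in lines:
        m = ALERT_RE.search(line)
        if not m:
            continue
        src, dst, msg = m["src"], m["dst"], m["msg"]
        if msg == FAILED_LOGIN_MSG and m["sport"] == "23":
            # The alert fires on the server's reply, so src is the telnet server
            # and dst is the client that typed the wrong password.
            failures[dst] += 1
            if failures[dst] == MAX_FAILURES and dst not in NEVER_BLOCK:
                blocks.append((dst, "repeated telnet login failures"))
        elif ipaddress.ip_address(src) not in HOME_NET and src not in NEVER_BLOCK:
            # Any other alert keeps the block-the-source behaviour.
            blocks.append((src, msg))
    return blocks

if __name__ == "__main__":
    for ip, reason in decide_blocks(SAMPLE_ALERTS):
        print(f"block {ip}: {reason}")
```

The sketch assumes the alerts come from the sensor on the internal interface, where the client's private address is still visible; on the external interface the destination is the masquerading gateway itself, which is why that address sits in `NEVER_BLOCK`.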