Snort mailing list archives
RE:Somewhat OT but RE:AbuseRe:
From: Bob Hillegas <bobhillegas () pdq net>
Date: Wed, 10 Oct 2001 20:11:02 -0500 (CDT)
On Wed, 10 Oct 2001 "Madziarczyk, Jonathan" <than () cityofevanston org> wrote:
Message: 1
From: "Madziarczyk, Jonathan" <than () cityofevanston org>
To: snort-users () lists sourceforge net
Date: Wed, 10 Oct 2001 09:50:39 -0500
Subject: [Snort-users] Somewhat OT but RE:Abuse

Hey guys,

This is kind of a big question, I realize a lot of it depends on my company's policy, but even your own procedures would be good to hear.....

Okay, so I set up snort and I do find "people" are trying to hack into my web site or anything else for that matter. What do I then do? I've got an IP address, now what? I realize ping -a or something like that, but what if DNS doesn't resolve? Do any of you have a typical procedure you do? Blocking the IP address is obviously a mixed bag (especially if it's a bot).

Any suggestions or ideas on where to look for this info would be great, and very appreciated!

Sincerely,
JonM

You might be interested in the 'Distributed Intrusion Detection System'. Log onto www.dshield.org and see whether you wish to install a script (perl) to translate your log entries into submissions to their database. Interesting concept.

--
Bob Hillegas <bobhillegas () pdq net>
281.546.9311