Snort mailing list archives

RE:Somewhat OT but RE:AbuseRe:


From: Bob Hillegas <bobhillegas () pdq net>
Date: Wed, 10 Oct 2001 20:11:02 -0500 (CDT)


On Wed, 10 Oct 2001 "Madziarczyk, Jonathan" <than () cityofevanston org> wrote:

Message: 1
From: "Madziarczyk, Jonathan" <than () cityofevanston org>
To: snort-users () lists sourceforge net
Date: Wed, 10 Oct 2001 09:50:39 -0500
Subject: [Snort-users] Somewhat OT but RE:Abuse

Hey guys,

This is kind of a big question, I realize a lot of it depends on my
company's policy, but even your own procedures would be good to hear.....

Okay, so I set up snort and I do find "people" are trying to hack into my
web site or anything else for that matter.  What do I then do?  I've got an
IP address, now what?  I realize ping -a or something like that, but what if
DNS doesn't resolve?  Do any of you have a typical procedure you do?
Blocking the IP address is obviously a mixed bag (especially if it's a bot).

Any suggestions or ideas on where to look for this info would be great, and
very appreciated!

Sincerely,
JonM


You might be interested in the 'Distributed Intrusion Detection System'.
Log onto www.dshield.org and see whether you wish to install a script
(perl) to translate your log entries into submissions to their database.

Interesting concept.


-- 
-------------------------------------------------
Bob Hillegas
<bobhillegas () pdq net>
281.546.9311



