Snort mailing list archives

Previous By Date Next
Previous By Thread Next

snort & guardian & CISCO routers

From: Ralf Hildebrandt <Ralf.Hildebrandt () charite de>
Date: Tue, 22 Jan 2002 09:11:33 +0100
In order to alleviate the load on our snort/demarc IDS I'd like to use
snort & guardian to block hosts portscanning us.

Yes, I'm aware of the DoS opportunity here.

Anyway: snort logs to a database, but also logs (at least portscans)
to a plain text file which can be monitored by guardian.

Are there any read-made scripts that create blocklists for CISCO
routers?

-- 
Ralf Hildebrandt (Im Auftrag des Referat V A)   Ralf.Hildebrandt () charite de
Charite Campus Virchow-Klinikum                 Tel.  +49 (0)30-450 570-155
Referat V A - Kommunikationsnetze -             Fax.  +49 (0)30-450 570-916
Program /n./
 1. A magic spell cast over a computer allowing it to turn one's input
  into error messages.
 2. An exercise in experimental epistemology.
 3. A form of art, ostensibly intended for the instruction of computers,
  which is nevertheless almost inevitably a failure if other programmers
  can't understand it.
 - From the Jargon File. 


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: