Snort mailing list archives
RE: Blocking individual IP's
From: "Ronneil Camara" <ronneilc () remingtonltd com>
Date: Thu, 11 Apr 2002 09:23:57 -0500
Hi James, It's nice to hear that Snort can talk to Checkpoint. There is actually one, snortsam. But you would never want legitimate or trusted parties not to talk to your network anymore. What I meant was ip spoofing. Someone can just pretend that they're coming from this network. I would suggest you do the blocking manually. You can use blackhole route on your border router or add block rules on your firewall. -hth
-----Original Message----- From: O'Brien, James [mailto:JOBrien () Hunter COM] Sent: Thursday, April 11, 2002 8:53 AM To: 'snort-users () lists sourceforge net' Subject: [Snort-users] Blocking individual IP's Hello all. What options are there (rules or otherwise) to block individual IP's from malicious/annoying public IP's? I'm sick of seeing numerous attempts from the same couple of dozen addresses and want to squelch them once and for-all. We run checkpoint, and the snortsam plugin to block scans, and I've messed with custom snort rules to block ip's that have continously bothered me, but it is an in-elegent solution at best. Has anyone out there come up with a better way to do this using snort or some other IDS that will talk to Checkpoint's firewall 1?? Thanks for your time, Jim O'Brien Systems Admin _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Blocking individual IP's O'Brien, James (Apr 11)
- <Possible follow-ups>
- RE: Blocking individual IP's Omolayo Salako (Apr 11)
- RE: Blocking individual IP's Sean T. Ballard (Apr 11)
- RE: Blocking individual IP's Ronneil Camara (Apr 11)
- RE: Blocking individual IP's Frank Knobbe (Apr 13)