RE: Blocking individual IP's

["Ronneil Camara" <ronneilc () remingtonltd com>]

Hi James,

It's nice to hear that Snort can talk to Checkpoint. There is actually one, snortsam.
But you would never want legitimate or trusted parties not to talk to your network
anymore. What I meant was ip spoofing. Someone can just pretend that they're coming
from this network. I would suggest you do the blocking manually.

You can use blackhole route on your border router or add block rules on your firewall.

-hth


> -----Original Message-----
> From: O'Brien, James [mailto:JOBrien () Hunter COM]
> Sent: Thursday, April 11, 2002 8:53 AM
> To: 'snort-users () lists sourceforge net'
> Subject: [Snort-users] Blocking individual IP's
>
>
> Hello all.
>
> What options are there (rules or otherwise) to block 
> individual IP's from
> malicious/annoying public IP's?  I'm sick of seeing numerous 
> attempts from
> the same couple of dozen addresses and want to squelch them once and
> for-all.  We run checkpoint, and the snortsam plugin to block 
> scans, and
> I've messed with custom snort rules to block ip's that have 
> continously
> bothered me, but it is an in-elegent solution at best.  Has 
> anyone out there
> come up with a better way to do this using snort or some 
> other IDS that will
> talk to Checkpoint's firewall 1??
>
> Thanks for your time,
>
> Jim O'Brien
> Systems Admin
>
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users