Snort mailing list archives
Re: Firing off Abuse email based on Snort Traffic
From: Frank Knobbe <fknobbe () knobbeits com>
Date: 29 May 2003 16:16:02 -0500
On Thu, 2003-05-29 at 14:07, Matt Kettler wrote:
If you can unconditionally prove it is a legitimate attack, then feel free to automate.. but abuse should not be abused by carpet bombing it with "hunches" and "I think this may be an attack" from automated systems. The "maybe" cases should be hand written.
Not just hunches. Even if it is valid, there needs to be some throttle (perhaps a limit of one email per offending IP). Otherwise an automated system would fire off an email every time an attack occurs, even if legitimate. Frank
Attachment:
signature.asc
Description: This is a digitally signed message part
Current thread:
- Firing off Abuse email based on Snort Traffic Matt Howell (May 29)
- Re: Firing off Abuse email based on Snort Traffic Matt Kettler (May 29)
- RE: Firing off Abuse email based on Snort Traffic Chris (May 29)
- RE: Firing off Abuse email based on Snort Traffic dave (May 29)
- Re: Firing off Abuse email based on Snort Traffic Matt Howell (May 29)
- Re: Firing off Abuse email based on Snort Traffic Erek Adams (May 29)
- Re: Firing off Abuse email based on Snort Traffic Matt Howell (May 29)
- Re: Firing off Abuse email based on Snort Traffic Skip Carter (May 29)
- Re: Firing off Abuse email based on Snort Traffic Budi Rahardjo (May 29)
- Re: Firing off Abuse email based on Snort Traffic Michael H. Warfield (May 29)
- RE: Firing off Abuse email based on Snort Traffic Chris (May 29)
- Re: Firing off Abuse email based on Snort Traffic Matt Kettler (May 29)
- Re: [OT] Firing off Abuse email based on Snort Traffic Matt Howell (May 30)
- Re: [OT] Firing off Abuse email based on Snort Traffic james (May 30)
- <Possible follow-ups>
- RE: Firing off Abuse email based on Snort Traffic bmcdowell (May 29)
- RE: Firing off Abuse email based on Snort Traffic Matt Howell (May 29)
- RE: Firing off Abuse email based on Snort Traffic Donofrio, Lewis (May 29)
- Re: Firing off Abuse email based on Snort Traffic scheidell (May 30)