Snort mailing list archives
AW: firewall rules modification based on snort logs
From: "Poppi, Sandro" <Sandro.Poppi () wacker com>
Date: Tue, 10 Jun 2003 12:12:46 +0200
You might take a look at guardian: http://www.snort.org/dl/contrib/other_tools/guardian <http://www.snort.org/dl/contrib/other_tools/guardian> Looking in snort's web site's contrib section is so much fun >;) HTH, Sandro hello snort user... i was wondering if some script or tool is avaliable to modify the firewall rules based on snort logs (i am using mysql database for snort logging). for example is someone is ping flooding my server, tool will read the logs from snort and modify the iptable rule to DENY the ip address to access my server. Gauarv Kumar Security Analyst E-mail - gaurav () e2-labs com <mailto:gaurav () e2-labs com> Phone - +91-40-23555942, 23556538 Mobile- +91-40-31068650 e2 labs India [This e-mail may contain confidential and/or privileged information. If you are not the intended recipient (or have received this e-mail in error) please notify the sender immediately and destroy this e-mail. Any unauthorized copying, disclosure or distribution of the material in this e-mail is strictly forbidden.] _____ Do you Yahoo!? Free online <http://us.rd.yahoo.com/mail_us/tag/*http://calendar.yahoo.com> calendar with sync to Outlook(TM).
Current thread:
- AW: firewall rules modification based on snort logs Poppi, Sandro (Jun 10)