Snort mailing list archives

RE: firewall rules modification based on snort logs


From: John Hally <JHally () epnet com>
Date: Tue, 10 Jun 2003 08:01:49 -0400

There's also a cool little app called SnortSam (http://www.snortsam.net)
that works on both W2K and *nix, and will work with a boatload of firewalls.

-----Original Message-----
From: Poppi, Sandro [mailto:Sandro.Poppi () wacker com]
Sent: Tuesday, June 10, 2003 6:13 AM
To: 'Gaurav Kumar'; snort-users () lists sourceforge net
Subject: AW: [Snort-users] firewall rules modification based on snort logs


You might take a look at guardian:
http://www.snort.org/dl/contrib/other_tools/guardian
 
Looking in snort's web site's contrib section is so much fun >;)
 
HTH,
Sandro


hello snort user...
i was wondering if some script or tool is available to modify the firewall
rules based on snort logs (i am using mysql database for snort logging).
for example if someone is ping flooding my server, the tool will read the logs
from snort and modify the iptables rule to DENY the ip address to access my
server.
 


Gaurav Kumar
 
Security Analyst
E-mail - gaurav () e2-labs com
Phone - +91-40-23555942, 23556538 
Mobile- +91-40-31068650
e2 labs
India
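
Added example, not part of the original thread and not code from SnortSam or guardian: a sketch of the log-to-firewall idea asked about above, with an allowlist so that alerts carrying spoofed or internal source addresses cannot lock out your own hosts. It assumes Snort's "fast" text alert format rather than the MySQL output, prints iptables commands instead of running them, and all names, thresholds and sample lines are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Source address in a Snort "fast" alert line: ... {PROTO} src[:port] -> dst[:port]
ALERT_SRC = re.compile(r"\[\*\*\].*\{\w+\}\s+(\d+\.\d+\.\d+\.\d+)(?::\d+)?\s+->\s")

# Constructed sample alerts (documentation address ranges, made-up local SID).
SAMPLE_ALERTS = """\
06/10-08:01:40.1 [**] [1:1000001:1] ICMP flood [**] [Priority: 3] {ICMP} 203.0.113.7 -> 192.0.2.10
06/10-08:01:40.2 [**] [1:1000001:1] ICMP flood [**] [Priority: 3] {ICMP} 203.0.113.7 -> 192.0.2.10
06/10-08:01:40.3 [**] [1:1000001:1] ICMP flood [**] [Priority: 3] {ICMP} 203.0.113.7 -> 192.0.2.10
06/10-08:01:40.4 [**] [1:1000001:1] ICMP flood [**] [Priority: 3] {ICMP} 203.0.113.7 -> 192.0.2.10
06/10-08:01:41.0 [**] [1:1000002:1] Web probe [**] [Priority: 2] {TCP} 198.51.100.23:40000 -> 192.0.2.10:80
06/10-08:01:42.1 [**] [1:1000001:1] ICMP flood [**] [Priority: 3] {ICMP} 192.0.2.1 -> 192.0.2.10
06/10-08:01:42.2 [**] [1:1000001:1] ICMP flood [**] [Priority: 3] {ICMP} 192.0.2.1 -> 192.0.2.10
06/10-08:01:42.3 [**] [1:1000001:1] ICMP flood [**] [Priority: 3] {ICMP} 192.0.2.1 -> 192.0.2.10
not an alert line
"""

# Networks that must never be blocked (own LAN, gateway, loopback). Assumed values.
NEVER_BLOCK = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "127.0.0.0/8")]

def sources_to_block(log_text, threshold=3, never_block=NEVER_BLOCK):
    """Return source IPs seen in >= threshold alerts, minus allowlisted networks."""
    hits = Counter()
    for line in log_text.splitlines():
        m = ALERT_SRC.search(line)
        if not m:
            continue  # skip anything that is not a fast-format alert
        try:
            src = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # e.g. an octet above 255 in a corrupted line
        if any(src in net for net in never_block):
            continue
        hits[src] += 1
    return [str(ip) for ip in sorted(hits) if hits[ip] >= threshold]

def iptables_commands(ips, chain="INPUT"):
    """Build (not execute) one DROP rule per address; iptables has no DENY target."""
    return [f"iptables -I {chain} -s {ip} -j DROP" for ip in ips]

if __name__ == "__main__":
    for cmd in iptables_commands(sources_to_block(SAMPLE_ALERTS)):
        print(cmd)
```
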