Snort mailing list archives

Re: multiple questions


From: "Raymond Norton" <admin () lctn org>
Date: Sat, 27 Sep 2003 22:02:42 -0500

OK, point taken.


First question:


As a novice I am not clear if the new install I just did according to the
redhat docs has a way of blocking the traffic that I get alerts on. I use
quite a few IPCop boxes with snort that block everything they log. This is
what I was hoping to accomplish when I did my new install. I see now that it
alerts, but does not stop the traffic. I read the FAQ, and see that there
are some other programs that build rules on the fly when an attack is
perceived.  I am not sure if it is necessary to implement these programs, or
if there is something in snort I can turn on to do this. I have read some
pros and cons on this, but feel in my current circumstance I would like to
block unwanted traffic.



----- Original Message ----- 
From: "Michael Steele" <michaels () winsnort com>
To: "'Raymond Norton'" <admin () lctn org>; <Snort-users () lists sourceforge net>
Sent: Saturday, September 27, 2003 8:53 PM
Subject: RE: [Snort-users] multiple questions


Raymond,

I don't have any policy setting authority and I'm just a mouse among the
many, but this list is not designed to solicit off site free help. There is
only one person benefiting from the knowledge that you may get and the list
is used for the many.

Now if you are soliciting to hire a Security Consultant, well that is
acceptable because you would be paying for the service. If you are looking
for a Security Consultant then by all means leave me a private email and give
you a number to call.

A good idea would be to outline your questions and then start posting them
in the order of importance. They need to be specific to Snort. Might not be
a good idea to flood the list all at one time with a bunch of questions.

Cheers...

-Michael Steele
-- 
 System Engineer / Security Support Technician
 mailto:michaels () winsnort com
 Website: http://www.winsnort.com
 Snort: Open Source Network IDS - http://www.snort.org

-----Original Message-----
From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net] On Behalf Of Raymond Norton
Sent: Friday, September 26, 2003 7:55 AM
To: Snort-users () lists sourceforge net
Subject: [Snort-users] multiple questions

I have a number of questions about implementing snort specific to my
network. I would like to correspond via email with someone that feels
comfortable with implementing snort on a WAN.

Some of my questions concern policy routing, blocking traffic vs. alerting,
and rules specific to my network.

If you can be of assistance please send me an email.


Raymond Norton




-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users





