[prev in list] [next in list] [prev in thread] [next in thread] 

List:       sidewinder
Subject:    RE: [Sidewinder] StrikeBack
From:       sidewinder-admin () adeptech ! com
Date:       2002-12-09 23:56:36
[Download RAW message or body]

For ignoring events from certain IP and/or burbs, the best way I can think
of, would be an ipfilter discard.
It just drops the traffic before it goes up the stack to the application
layer,
so it's not logged, nada.

This is handy for traffic such as netbios.  You know the traffic is hitting,
it's not (usually) malicious, just drop the stuff and clean up your logs.

Read up on ipfilter - the discard is quite handy.
You can also do discards through a strikeback, so that after a certain # of
events, it will just discard the traffic, but unless you REALLY need to know
what's going on, why not ease up on the logging, etc and do it with
ipfilter.


-----Original Message-----
From: sidewinder-admin@adeptech.com
[mailto:sidewinder-admin@adeptech.com]
Sent: Monday, December 09, 2002 2:42 PM
To: 'sidewinder@adeptech.com'
Subject: RE: [Sidewinder] StrikeBack


Or better yet, be able to ignore events all together from certain IP
and/or burbs.

--
Steve.

On Mon, 9 Dec 2002 sidewinder-admin@adeptech.com wrote:

> >In Sidewinder 5.2 patch 06, is there a way to prevent the sidewinder
> >to perform the strikeback when the alert came from the internal burb?
>
> I second that.  Also, can one have it not send an alert in the first
place?
> Or even better, set the threshold much higher for my LAN burb then that
for
> my other burbs?
> _______________________________________________
> Sidewinder mailing list
> Sidewinder@adeptech.com
> http://mail.adeptech.com/mailman/listinfo/sidewinder
>

_______________________________________________
Sidewinder mailing list
Sidewinder@adeptech.com
http://mail.adeptech.com/mailman/listinfo/sidewinder

_______________________________________________
Sidewinder mailing list
Sidewinder@adeptech.com
http://mail.adeptech.com/mailman/listinfo/sidewinder
[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic