List: snort-sigs
Subject: [Snort-sigs] RE : Snort Response. See guardian.pl
From: David Bouscasse <bouscasse_david () yahoo ! fr>
Date: 2001-12-12 9:31:52
The guardian.pl (Antony Stevens) script (see
www.snort.org) does that: it reads the output of the
alert file to block the offending IP.
guardian.pl
...
open (ALERT, $alert_file) or die "open $alert_file: $!\n";
@junk=<ALERT>;
# this is the same as a tail -f :)
for (;;) {
  sleep 1;
  if (seek(ALERT,0,1)){
...
To respond to a specific attack with a specific
action, a program could use the rules files.
>From: "Wiedenfeld, Scot R. (Sytex Contractor)"
><scot.wiedenfeld.sytex@arrtc-exch.mccoy.army.mil>
>To: snort-sigs@lists.sourceforge.net
>Date: Tue, 11 Dec 2001 12:37:47 -0600
>Subject: [Snort-sigs] Snort Response
>
> Does Snort have the capability to respond to
>an intrusion or anomaly
>by executing another program. e.g. finger, dig,
>traceroute, tcpdump
>etc...
_______________________________________________
Snort-sigs mailing list
Snort-sigs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
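
The rule-specific response idea from the message above, as an added example that is not part of the original post and is not guardian.pl's code. It assumes Snort's one-line "fast" alert layout; the sids, the action table and the protected networks are hypothetical, and the source address is validated and passed as an argv element rather than through a shell.

```python
import ipaddress
import re
import sys
import time

# Assumed layout: ts [**] [gid:sid:rev] msg [**] ... {PROTO} src[:port] -> dst
ALERT_RE = re.compile(
    r"\[\*\*\]\s+\[\d+:(?P<sid>\d+):\d+\]\s+(?P<msg>.*?)\s+\[\*\*\]"
    r".*?\{\w+\}\s+(?P<src>[0-9.]+)(?::\d+)?\s+->\s+[0-9.]+"
)
# Hypothetical response table: rule sid -> argv template (no shell involved).
ACTIONS = {
    1000001: ["traceroute", "-n", "{src}"],
    1000002: ["iptables", "-I", "INPUT", "-s", "{src}", "-j", "DROP"],
}
# Hypothetical networks never acted on, so a spoofed source cannot lock us out.
PROTECTED = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "10.0.0.0/8")]

def parse_alert(line):  # (sid, msg, source address), or None if not an alert
    m = ALERT_RE.search(line)
    if not m:
        return None
    try:
        src = ipaddress.ip_address(m.group("src"))  # rejects e.g. 999.1.1.1
    except ValueError:
        return None
    return int(m.group("sid")), m.group("msg"), src

def response_for(line):  # argv to run for this alert line, or None
    alert = parse_alert(line)
    if alert is None:
        return None
    sid, _msg, src = alert
    if sid not in ACTIONS or any(src in net for net in PROTECTED):
        return None
    return [arg.format(src=str(src)) for arg in ACTIONS[sid]]

def follow(fh):  # yield lines appended to fh from now on, like tail -f
    fh.seek(0, 2)
    while True:
        line = fh.readline()
        if line:
            yield line
        else:
            time.sleep(1)

if __name__ == "__main__":
    with open(sys.argv[1]) as alerts:  # path to the Snort alert file
        for argv in filter(None, map(response_for, follow(alerts))):
            print("would run:", argv)  # pass to subprocess.run(argv) to act
```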