----- Original Message -----
From: "Josh Berry" <josh.berry@netschematics.com>
To: "Martin Bündgens" <mb@insidetheweb.de>
Cc: <snort-users@lists.sourceforge.net>
Sent: Wednesday, December 24, 2003 11:47 PM
Subject: Re: [Snort-users] Bad Traffic, Port

> Are you running Snort on the IPTables machine? If so, even though you are
> blocking port 0 traffic, I believe that Snort can still see the traffic
> that is coming at the box. So, you are blocking port 0 but Snort reads
> the traffic off of libpcap before it is denied by IPTables.

That's right. Anyway, I thought about a solution. Is it possible to add an IPTables command to a Snort rule (drop all packets from the IP that breaks the Snort rule)? That would do it, I think, since it would stop the constant flooding.

Regards,
Marti Bündgens.