This is a discussion on [Snort-users] Snortsam / Portscanning Detection within the Snort forums, part of the System Security and Security Related category.
Hey everyone,
I was going to try to get our PIX firewall set up with snort / snortsam and I had a question. We are interested in having the firewall block the offending IP address when we receive a portscan, but I could not figure out where we should place the "fwsam: src, 5 minutes;" entry, because in snort 2.1.0 (I do not know about previous versions) the portscanning detection is a preprocessor. If I set the "output-mode" to "pktkludge" I can see it in the alerts database and everything, but as I said, I have no idea how to set a different output plug-in for this. That is, if it can even currently be done.

Any help would be greatly appreciated.

Tuomas Groves