Active Snort Log Analyser
I use snort to detect attacks on some FireWalls, it works well but I still need
a tool to tell me when the FireWall is beeing portscanned or under attack.
Secundary, I need a tool to deny the IP or even better, stop the scan/attack but
let the ip execute normal things (such as accessing the web server). Let me
explain, I can be scanned by a masqueraded machine behind a university FireWall,
I don't want to stop all this network from accessing the services I'm defending.
Well, I went to snort HomePage and didn't find what I need. The proposed tools
to alert you seems more programmation language than config files... In that
case, I'd better write my own tool -what a time consumming task-.