Active Snort Log Analyser

To: debian-firewall@lists.debian.org
Subject: Active Snort Log Analyser
From: jfjoly@free.fr
Date: Tue, 07 Nov 2000 10:27:44 +0100 (MET)
Message-id: <[🔎] 973589264.3a07cb10934be@imp.free.fr>

Hello all,
I use snort to detect attacks on some FireWalls, it works well but I still need 
a tool to tell me when the FireWall is beeing portscanned or under attack. 
Secundary, I need a tool to deny the IP or even better, stop the scan/attack but 
let the ip execute normal things (such as accessing the web server). Let me 
explain, I can be scanned by a masqueraded machine behind a university FireWall, 
I don't want to stop all this network from accessing the services I'm defending.
Well, I went to snort HomePage and didn't find what I need. The proposed tools 
to alert you seems more programmation language than config files... In that 
case, I'd better write my own tool -what a time consumming task-.

JF.

Reply to:

Follow-Ups:
- Re: Active Snort Log Analyser
  - From: lfilipoz@emyr.net (Luca Filipozzi)
- Re: Active Snort Log Analyser
  - From: Helmut Springer <delta@FaVeVe.Uni-Stuttgart.de>

Prev by Date: Re: Newbie, someone have how-to on from-scratch Debian firewall?
Next by Date: Re: Active Snort Log Analyser
Previous by thread: Re: Newbie, someone have how-to on from-scratch Debian firewall?
Next by thread: Re: Active Snort Log Analyser
Index(es):
- Date
- Thread