[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Active Snort Log Analyser

On Tue 2000-11-07 (10:27), jfjoly@free.fr wrote:
> portscanned or under attack.  Secundary, I need a tool to deny the
> IP or even better, stop the scan/attack but let the ip execute
> normal things (such as accessing the web server). Let me explain,
why do you allow anything beside the 'normal things' if you have to
block it on 'attack'?  most would think a firewall setup doesn't
allow anything beside the needed and therefore has nothing to block
on demand beside that.

> I can be scanned by a masqueraded machine behind a university
> FireWall, I don't want to stop all this network from accessing the
someone can perform a DoS against the access to your service for a
third party by triggering your blocking with spoofed packets.

MfG/best regards, helmut springer
                                        Life is a bitch and then you die.

Reply to: