Re: Active Snort Log Analyser
On Tue 2000-11-07 (10:27), email@example.com wrote:
> portscanned or under attack. Secundary, I need a tool to deny the
> IP or even better, stop the scan/attack but let the ip execute
> normal things (such as accessing the web server). Let me explain,
why do you allow anything beside the 'normal things' if you have to
block it on 'attack'? most would think a firewall setup doesn't
allow anything beside the needed and therefore has nothing to block
on demand beside that.
> I can be scanned by a masqueraded machine behind a university
> FireWall, I don't want to stop all this network from accessing the
someone can perform a DoS against the access to your service for a
third party by triggering your blocking with spoofed packets.
MfG/best regards, helmut springer
Life is a bitch and then you die.