
Re: Active Snort Log Analyser



> why do you allow anything beside the 'normal things' if you have to
> block it on 'attack'?  most would think a firewall setup doesn't
> allow anything beside the needed and therefore has nothing to block
> on demand beside that.

You're right and I already block unusual things...
So, how can I block the attack once I've detected the scan?

> someone can perform a DoS against the access to your service for a
> third party by triggering your blocking with spoofed packets.

Right again! And again, how can I prevent this from occurring?

Well, thanks for opening my eyes, I see this is not as simple as denying access.
I'm about to try portsentry as I talk and it seems to stop the attacker before 
he starts the attack: when he tries to scan the firewall.

JF.


