Hello all, I use snort to detect attacks on some FireWalls, it works well but I still need a tool to tell me when the FireWall is beeing portscanned or under attack. Secundary, I need a tool to deny the IP or even better, stop the scan/attack but let the ip execute normal things (such as accessing the web server). Let me explain, I can be scanned by a masqueraded machine behind a university FireWall, I don't want to stop all this network from accessing the services I'm defending. Well, I went to snort HomePage and didn't find what I need. The proposed tools to alert you seems more programmation language than config files... In that case, I'd better write my own tool -what a time consumming task-.
JF.
