Currently seeing an abnormal amount of HTTP traffic consisting of only
TCP SYN packets according to Snort.

My main question is how can I block inbound traffic from a given host
using ARP?

Related question:
I've added block rules for the offending hosts in my ipf rule list, but
Snort still sees traffic from these hosts after restarting ipf to
include the new block rules - why is this?


Jez Hancock
 - System Administrator / PHP Developer
