You might also want to have a look at snort_inline from the HoneyNet project.
Katriel On Tue, Jul 01, 2003 at 02:46:07AM +0200, Tzahi Fadida wrote: > check out Hogwash at http://hogwash.sourceforge.net/ > never tried it, but it is a nice idea. > > * - * - * > Tzahi Fadida > [EMAIL PROTECTED] > Technion Email: [EMAIL PROTECTED] > * - * - * - * - * - * - * - * - * - * > > WARNING TO SPAMMERS: see at http://members.lycos.co.uk/my2nis/spamwarning.html > > > -----Original Message----- > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Mycroft > > Sent: Tuesday, July 01, 2003 1:14 AM > > To: [EMAIL PROTECTED] > > Subject: Snort - iptables addon > > > > > > Hello, > > Have anyone heard of/used an snort add-on that could manage iptables firewall > > in responce to a specific network events...like portscans or DOS attacks? > > I know once it's detected, snort is capable of blocking it, but i was looking > > for more low-level approach to this issue, stopping the packets cold on IP > > level. I know i can use psad for such things, but again, i am looking for an > > add-on, not a second IDS...which i would have to cripple in order to let them > > live together. Googling for an answer doesn't help much. > > -- > > Sincerely Yours, > > Vasiliev Michael > > > > NP: XMMS is not loaded. > > > > > > ================================================================= > > To unsubscribe, send mail to [EMAIL PROTECTED] with > > the word "unsubscribe" in the message body, e.g., run the command > > echo unsubscribe | mail [EMAIL PROTECTED] > > > > > > > > > > > ================================================================= > To unsubscribe, send mail to [EMAIL PROTECTED] with > the word "unsubscribe" in the message body, e.g., run the command > echo unsubscribe | mail [EMAIL PROTECTED] ================================================================= To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
