A better approach: Note the SNORT event and then do a DB lookup and see if the scanned machine has 1) been previously scanned by Nessus and, if so, tell me if the machine is actually vulnerable to the event which SNORT flagged... which is, incidentally, what Lightning Console will do for you... So, you get IDS event correlation (i.e. tell me which attacked machines were actually vulnerable to the attack)... pretty nifty.

John Lampe
jwlampe -at- nessus.org
http://f00dikator.aceryder.com/

On Fri, 5 Mar 2004, Jon Goode wrote:

> Has anyone considered setting up snort to detect network scans from external
> networks, then automatically having nessus 'retaliate' a scan and post the
> results of the offending machine? Or could this loop? :)
>
> Phynex
>
> _______________________________________________
> Nessus mailing list
> [EMAIL PROTECTED]
> http://mail.nessus.org/mailman/listinfo/nessus
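
The lookup described in the reply above, sketched as an added example (not part of the original thread and not Lightning Console's code). It assumes Snort fast-format alert lines, a hand-built SID-to-CVE map and a two-table layout for stored scan results; every SID, CVE placeholder and address below is constructed.

```python
import re
import sqlite3

# Constructed sample data: SIDs, CVE placeholders and addresses are illustrative.
SID_TO_CVE = {1000001: "CVE-XXXX-0001", 1000002: "CVE-XXXX-0002"}
SCANNED = ["192.0.2.10", "192.0.2.20"]        # hosts with stored scan results
FINDINGS = [("192.0.2.10", "CVE-XXXX-0001")]  # (host, CVE reported as vulnerable)
ALERTS = """\
03/05-10:15:32.120000 [**] [1:1000001:1] constructed rule A [**] [Priority: 1] {TCP} 203.0.113.7:4312 -> 192.0.2.10:80
03/05-10:15:40.450000 [**] [1:1000002:1] constructed rule B [**] [Priority: 1] {TCP} 203.0.113.7:4313 -> 192.0.2.10:80
03/05-10:16:02.900000 [**] [1:1000001:1] constructed rule A [**] [Priority: 1] {TCP} 203.0.113.7:4320 -> 192.0.2.30:80
03/05-10:16:09.010000 [**] [1:1000099:1] constructed rule C [**] [Priority: 2] {TCP} 203.0.113.7:4321 -> 192.0.2.20:80
this line is not an alert and is skipped
"""

ALERT_RE = re.compile(
    r"\[\*\*\] \[\d+:(?P<sid>\d+):\d+\] (?P<msg>.*?) \[\*\*\].*"
    r"\{\w+\} (?P<src>[\d.]+)(?::\d+)? -> (?P<dst>[\d.]+)(?::\d+)?")

def build_db():
    """Load the constructed scan results into an in-memory database."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE scanned(host TEXT PRIMARY KEY)")
    db.execute("CREATE TABLE finding(host TEXT, cve TEXT)")
    db.executemany("INSERT INTO scanned VALUES (?)", [(h,) for h in SCANNED])
    db.executemany("INSERT INTO finding VALUES (?, ?)", FINDINGS)
    return db

def correlate(alert_text, db):
    """Return (attacker, target, sid, verdict) for each parsed alert line."""
    results = []
    for line in alert_text.splitlines():
        m = ALERT_RE.search(line)
        if not m:
            continue
        sid, dst = int(m["sid"]), m["dst"]
        cve = SID_TO_CVE.get(sid)
        if not db.execute("SELECT 1 FROM scanned WHERE host=?", (dst,)).fetchone():
            verdict = "never-scanned"      # no scan data: cannot rule the alert out
        elif cve is None:
            verdict = "no-cve-mapping"     # rule cannot be tied to a scan finding
        elif db.execute("SELECT 1 FROM finding WHERE host=? AND cve=?",
                        (dst, cve)).fetchone():
            verdict = "vulnerable"         # attacked host was found vulnerable
        else:
            verdict = "not-vulnerable"     # scanned, and this finding was absent
        results.append((m["src"], dst, sid, verdict))
    return results

if __name__ == "__main__":
    for row in correlate(ALERTS, build_db()):
        print(row)
```

Alerts against hosts with no stored scan stay in their own bucket instead of being counted as not vulnerable, since missing scan data says nothing about exposure.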
