It can block the attack. If it detects it in any log it can do any
action you want. I've written a script that mirrors the attack back to
the attacker ( http://h4des.org/source/blog/mirroring-traffic.sh.txt ).
If you want more, you can combine it with snort or any other NIDS. Ossec
is a great platform to manage action agains intruders.
Andre Pawlowski
-------------------------------------------------------------------
Wenn eine Idee nicht zuerst absurd erscheint, taugt sie nichts.
-Albert Einstein
On 04/15/2010 05:35 PM, Saeid Ansaripour wrote:
> Is osses doing any kind of IPS at all.
> It looks like ossec is more like of a loging management than anything
> else.
> How does it prevent the intrusion if say a malware attacks a system?
>
>
--
To unsubscribe, reply using "remove me" as the subject.
