Hi everyone
I saw an article about configuring active response in
OSSEC: https://wazuh.com/blog/blocking-attacks-active-response/
I have configured it as directed and added some code, hoping that it would
prevent the attack, but it doesn't work.
I configured the following in ossec.conf:
<active-response>
  <command> firewall-drop </command>
  <location> local </location>
  <rules_id> 5710 </rules_id>
  <timeout> 600 </timeout>
</active-response>
<active-response>
  <command> firewall-drop </command>
  <location> local </location>
  <rules_id> 5715 </rules_id>
  <timeout> 600 </timeout>
</active-response>
The server doesn't send any alert back to me even when it is attacked. I
use a SYN flood attack with hping3 to attack the server.
Is there any way the active-response can prevent this?
Thanks, everyone.