check out Hogwash at http://hogwash.sourceforge.net/
never tried it, but it is a nice idea.
* - * - *
Tzahi Fadida
[EMAIL PROTECTED]
Technion Email: [EMAIL PROTECTED]
* - * - * - * - * - * - * - * - * - *
WARNING TO SPAMMERS: see at http://members.lycos.co.uk/my2nis/spamwarning.html
> -Orig
You might also want to have a look at snort_inline from the HoneyNet
project.
Katriel
On Tue, Jul 01, 2003 at 02:46:07AM +0200, Tzahi Fadida wrote:
> check out Hogwash at http://hogwash.sourceforge.net/
> never tried it, but it is a nice idea.
>
> * - * - *
> Tzahi Fadida
> [EMAIL PROTECTED]
>
Yeah, look for PSAD, it is an addon for snort that modifies iptables
automatically at run-time :-)
Oleg.
- Original Message -
From: "Mycroft" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, July 01, 2003 1:14 AM
Subject: Snort - iptables addon
> Hello,
> Has anyone heard of
On Tue, Jul 01, 2003 at 02:14:12AM +0300, Mycroft wrote:
> Hello,
> Has anyone heard of/used a snort add-on that could manage iptables firewall
> in response to specific network events...like portscans or DOS attacks?
What happens if I spoof a portscan from a different address? Do you
block i
On Tuesday 01 July 2003 10:13, Tzafrir Cohen wrote:
TC>What happens if I spoof a portscan from a different address? Do you
TC>block it? Now what was the IP of your DNS server?
TC>
That's what the "preprocessor portscan2-ignorehosts:" and "preprocessor
portscan-ignorehosts:" sections in the /etc/s
On Tue, Jul 01, 2003 at 02:43:01PM +0300, Mycroft wrote:
> On Tuesday 01 July 2003 10:13, Tzafrir Cohen wrote:
>
> TC>What happens if I spoof a portscan from a different address? Do you
> TC>block it? Now what was the IP of your DNS server?
> TC>
> That's what the "preprocessor portscan2-ignorehos
On Tuesday 01 July 2003 14:43, Mycroft wrote:
> On Tuesday 01 July 2003 10:13, Tzafrir Cohen wrote:
>
> TC>What happens if I spoof a portscan from a different address? Do you
> TC>block it? Now what was the IP of your DNS server?
> TC>
> That's what the "preprocessor portscan2-ignorehosts:" and "pr
On Tuesday 01 July 2003 15:18, Aviram Jenik wrote:
AJ>
AJ>(if my irony went undetected, I would really recommend against this
AJ>hair-triggered blocking system)
AJ>
Hmm, I am a big fan of constructive feedback. Don't we all?
AJ>"Idle scan" will actually work quite nicely here (I'm sure one of the
On Tuesday 01 July 2003 15:11, Tzafrir Cohen wrote:
TC>And suppose I don't really need the results of those scan? And this is
TC>all done just to make you block some computers?
TC>
TC>What traffic can someone make you drop?
TC>
What harm could that do? I do realize that you are right about the pot
Mycroft wrote:
Well I'm not securing a corporate web server here, most probably if I were,
I'd choose other means of security response. Leaving it to professionals is
always a good idea :)). This box is my networked workstation at home, and I
don't have open server ports. I'm merely dealing wit
On Tue, 1 Jul 2003, Aviram Jenik wrote:
> "Idle scan" will actually work quite nicely here (I'm sure one of the servers
> written above has its idle moments), but that's not the way I would approach
> it as an attacker.
> Your IDS will not block a simple connect scan (AFAIR snort does not save
> p
> Subject: Re: Snort - iptables addon
>
>
> On Tue, 1 Jul 2003, Aviram Jenik wrote:
>
> > "Idle scan" will actually work quite nicely here (I'm sure one of the servers
> > written above has its idle moments), but that's no
On Tue, Jul 01, 2003, Shachar Shemesh wrote about "Re: Snort - iptables addon":
> The bottom line is this - if you have no open source, why do you care
> whether you are scanned?
Paranoids (like me, for example) use several lines of defense.
For example, here are 3 lines of de
On Tuesday 01 July 2003 15:58, Mycroft wrote:
>
[snip]
> This box is my networked workstation at home, and I
> don't have open server ports. I'm merely dealing with a number of script
> kiddies that think scanning and DOSing people they meet on IRC channels
> makes them all-powerful.
[snip]
> howe
On Tuesday 01 July 2003 16:35, Shachar Shemesh wrote:
SS>
SS>The bottom line is this - if you have no open source, why do you care
SS>whether you are scanned?
SS>This mail brought to you by the person responsible for Check Point not
SS>sporting any easy-to-configure automatic retaliation system,
On Tuesday 01 July 2003 18:04, Nadav Har'El wrote:
NH>Paranoids (like me, for example) use several lines of defense.
NH>
NH>For example, here are 3 lines of defense:
That's exactly what I used (and use) before my paranoia progressed and I
started messing up with NIDS as a fourth line of defense