Re: auto-response IDS againt port-scanning or attacked ip?

From: bladi (bladi-sec_at_novasec.es)
Date: 07/15/03

  • Next message: Stephen Samuel: "Re: auto-response IDS againt port-scanning or attacked ip?" 
    Date: Tue, 15 Jul 2003 03:00:14 +0200
To: SB CH <chulmin2@hotmail.com>

    Hi

    I dont know if that exist yet for snort but I think you could do it
    easily using swatch, jwhois and some scripting.

    But take care about de number of mails you send to the isp

    That shows you how to setup Swatch to email you alerts
    http://www.theadamsfamily.net/~erek/snort/snort-swatch.conf.txt

    bye

    SB CH wrote:

    > Hello, all.
    >
    > I saw some commercial IDS console which could send an e-mail
    > automatically with the admin of the ip or ip range againt
    > port-scanning or any other attacking.
    > That solution can monitor the mail status(received the reply or not
    > against the mail) too.
    > So is there any free IDS console which supports this function?
    > (Automatically e-mail alram to attcking ip)
    >

    ---------
    NovaSec Servicios de Seguridad

    C/ Evaristo San Miguel 4 2^(o)6 (Princesa)
    28008 Madrid (Espan~a)

    Tel: 91 547 30 51
    Fax: 91 559 41 75
    http://www.novasec.es

    -------------------------------------------------------------------------------
    Is your IDS deployed correctly?
    Find out by easily testing it with real-world attacks from CORE IMPACT.
    Go to www.coresecurity.com/promos/sf_eids1 to learn more.
    -------------------------------------------------------------------------------

  • Next message: Stephen Samuel: "Re: auto-response IDS againt port-scanning or attacked ip?"
    • Quantcast