ipsystems
asked on
SNORT + IPTABLES [ How to block with Snort ]
Hi,
I installed Snort and Acid on my server, but, it only log / alert the intruders but do not block them.
How can I configure Snort to block intruders? Are there rules pre-configured to block automaticaly?
[],
Luiz
I installed Snort and Acid on my server, but, it only log / alert the intruders but do not block them.
How can I configure Snort to block intruders? Are there rules pre-configured to block automaticaly?
[],
Luiz
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
You've got to tread very lightly here, as rich pointed out it's a complicated and arcane setup and if not configured correctly you're going to be a target for denial of service attacks both directed and inadvertant. The "self defending network" is the new buzz-phrase, but if you start blocking addresses willy-nilly you'll have no connectivity.
ASKER
I found a SNORTSAM to auto blocking based on Snort Rulez. It is integrated with IPTABLES
http://www.snortsam.net/
We develop an integration with EBTABLES to use it on transparent bridge too.
Regards,
Luiz