Link to home
Start Free TrialLog in
Avatar of NeerVerma
NeerVerma

asked on

SNORT IDS

hi i have configured snort its working fine. now I want to do few things ie

1:- If any one from outside tried to intrude in some devices like router its mail that ip to admin email id
2:- if there is some attack like dos etc it mail id to admin and block the ip

could any one tell me how to do that and how to make rule to  fullfill above creteria and run snort in IDS mode
Avatar of gheist
gheist
Flag of Belgium image

you need flexresp feature compiled in snort and then edit config files.
no need to block attacks that do not reach any service
danger to block icmp parameters or udp, as they can be easily forget to make you lock out yourself.
ASKER CERTIFIED SOLUTION
Avatar of Rich Rumble
Rich Rumble
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
correction > We find it's best to put the firewall on the link between the firewall/router to the outside. Then you can be more assured that what snort saw was a real threat.
Should read
We find it's best to put SNORT on the link between the firewall/router to the outside. Then you can be more assured that what snort saw was a real threat.
-rich
Avatar of NeerVerma
NeerVerma

ASKER

how i can configured email address so that in case of alert it mail it to admin
could any one let me know how i snort can send alerts to my email id
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
This question has been classified as abandoned and is being closed as part of the Cleanup Program.  See my comment at the end of the question for more details.