| Subject: | [Snort-users] HELP: Configuring IPTABLES on SnortSam blocking agent |
|---|---|
| Date: | Sun, 18 Nov 2007 00:19:15 -0800 (PST) |
Hi again guys,
I am a little confused by Fabrizio's statement
on how we set up IPTABLES to make the snortsam agent
effectively block the bad IP address that has been delivered
by the snortsam output plugin on the snort machine.
BLOCK COMMAND:
/sbin/iptables -I FORWARD -i %s -s %s -j DROP
/sbin/iptables -I INPUT -i %s -s %s -j DROP
UNBLOCK COMMAND:
/sbin/iptables -D FORWARD -i %s -s %s -j DROP
/sbin/iptables -D INPUT -i %s -s %s -j DROP
note:
-i = interface to block the bad ip address
-s = remote source ip address to be blocked
There is no problem at all with the "-i" switch; the thing that is bothering me
is the "-s" switch. How can I issue the bad IP address?
In fact, the snortsam output plugin on the snort machine just sends the "src" containing
the bad IP address that was detected by snort. We are talking about random
and dynamic IP addresses, aren't we?
So, what do you think, guys?! What should I do?!