| View previous topic :: View next topic |
| Author |
Message |
gojyo
n00b
Joined: 01 May 2004
Posts: 68
|
 Posted: Fri Aug 12, 2005 5:08 pm Post subject: Snort drops packets? |
 |
|
I've just installed Snort on my box.
I have some trouble understanding if and when dangerous packets (as exploits, portscans ecc..) are dropped by Snort itself.
I've tried to scan, with nmap, my box: Snort sees the portscan attack, and logs it, anyway any nmap OS fingerprinting attempt is succesfull, even if is clean to Snort that is a "illecit" operation.
I think the rules themselves should take the right decision to drop packets or not, but I don't really know how it works.
What I need is to make Snort drop dangerous packets, including those from nmap trying a fingerprint.
So, if Snort detects, for example, an exploit, it drops it and logs it, not just the second.
Can someone explain how to do? |
|
| Back to top |
|
 |
kashani
Advocate
Joined: 02 Sep 2002
Posts: 2032
Location: San Francisco
|
| Posted: Fri Aug 12, 2005 5:33 pm Post subject: |
|
|
Snort doesn't respond to attacks by taking any action to stop them. You can install some software to make that happen, but I'd read this first.
http://www.snort.org/docs/faq/1Q05/node91.html
kashani
_________________
Will personally fix your server in exchange for motorcycle related shop tools in good shape. |
|
| Back to top |
|
|
gojyo
n00b
Joined: 01 May 2004
Posts: 68
|
| Posted: Fri Aug 12, 2005 5:42 pm Post subject: |
|
|
thanks,
I think that for me it's more secure to block traffic instead of just log, even if a dos attack can occur. After all, I've just a home adsl line, and I prefer to stay for some time disconnected than to get hacked.
I think I'll try SnortSam, thanks! |
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
Networking & Security
