from the pig-by-the-tail dept.
"Here is a little perl-script that might -hopefully- be useful to some of you.
It parses snort's alert file and blocks the "bad" hosts
for a specific amount of time using PF and anchors.
You can obtain it from
There's a German mini-howto from the "OpenBSD Dokumentations Projekt" containing instructions for installing it together with snort.
I'd love to hear some comments / suggestions."
Reactive IDS systems can be quite controversial, and require careful configuration, or you can wind up a victim of your own cleverness. Caveats aside, budding BOFHs should give this a try.
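
The approach described above, as an added Python example (not the submitter's Perl script): it reads Snort fast-format alert lines, skips sources on a never-block list, and plans timed `pfctl` table changes inside an anchor. The anchor name `snort_block`, the table name `blocked`, the 600-second block time and the never-block networks are assumptions, and the alert lines are constructed samples.

```python
import ipaddress
import re

# Snort "fast" alert tail: [Priority: N] {PROTO} SRC[:PORT] -> DST[:PORT]
ALERT_RE = re.compile(
    r"\[Priority: (?P<prio>\d+)\]\s+\{[^}]+\}\s+"
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?\s+->\s+")

# Assumptions: the anchor holds a rule such as "block in quick from <blocked>".
ANCHOR, TABLE, BLOCK_SECONDS = "snort_block", "blocked", 600
# Addresses that must never be blocked (own network, resolver, gateway):
# alert sources can be forged, so a reactive block is attacker-influenced input.
NEVER_BLOCK = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "127.0.0.0/8")]

def parse_alert(line):
    """Return (source address, priority) or None for lines that do not parse."""
    m = ALERT_RE.search(line)
    if not m:
        return None
    try:
        return ipaddress.ip_address(m["src"]), int(m["prio"])
    except ValueError:          # e.g. an octet above 255
        return None

def pfctl(action, ip):
    """Build the argv for one table change inside the anchor."""
    return ["pfctl", "-a", ANCHOR, "-t", TABLE, "-T", action, str(ip)]

def plan(lines, now, active, max_priority=2):
    """Return pfctl argv lists; `active` (ip -> expiry time) is updated in place."""
    cmds = []
    for ip in sorted(ip for ip, expiry in active.items() if expiry <= now):
        cmds.append(pfctl("delete", ip))      # block time is over
        del active[ip]
    for parsed in map(parse_alert, lines):
        if parsed is None or parsed[1] > max_priority:   # Snort: 1 = most severe
            continue
        src = parsed[0]
        if any(src in net for net in NEVER_BLOCK):
            continue
        if src not in active:
            cmds.append(pfctl("add", src))
        active[src] = now + BLOCK_SECONDS     # repeat alerts extend the block
    return cmds

# Constructed sample alerts (documentation address ranges).
SAMPLE = [
    "08/28-12:00:01.000001  [**] [1:1000001:1] constructed rule A [**] [Priority: 1] {TCP} 203.0.113.5:40112 -> 192.0.2.10:22",
    "08/28-12:00:02.000001  [**] [1:1000002:1] constructed rule B [**] [Priority: 2] {UDP} 192.0.2.1:53 -> 192.0.2.10:33012",
    "08/28-12:00:03.000001  [**] [1:1000003:1] constructed rule C [**] [Priority: 3] {ICMP} 198.51.100.7 -> 192.0.2.10",
]
```

The function only plans the commands; a caller would run each argv as root and persist `active` between passes over the alert file.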
Lurene () bitkitten at I hate spam ghettohackers dot n3t