[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ossec-list] Re: active response add to null route

To: ossec-list@xxxxxxxxxxxxxxxx
Subject: [ossec-list] Re: active response add to null route
From: "Daniel Cid" <daniel.cid@xxxxxxxxx>
Date: Tue, 13 Feb 2007 23:20:39 -0400
Cc: "Ivan Lotina" <lotke@xxxxxxxxx>
Content-disposition: inline
Content-transfer-encoding: 7bit


Hi Ivan,

It should work well, but just remember that it will not block any
unidirectional
packet (like udp). The route null will only deny the responses back to
the blocked
host...

When you do your active response script, please share it with us :)

Thanks,

--
Daniel B. Cid
dcid ( at ) ossec.net

On 2/13/07, Ivan Lotina <lotke@xxxxxxxxx> wrote:


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello,

I was thinking about creating new command for active response.
Simple route add to null route.
Any pros/cons for that kind of denying access ?

Regards, Ivan
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (MingW32)

iD8DBQFF0gC6ZGbJE+hoXVURAg+0AKCJKn7rEm7dSP8rV6HygCc0IO2SGgCfY4sv
HY1dSEawm2jO/YnyYlk7rdE=
=xOH0
-----END PGP SIGNATURE-----

References:
- [ossec-list] active response add to null route
  - From: Ivan Lotina

Prev by Date: [ossec-list] Re: Active response on MacOS X?
Next by Date: [ossec-list] Windows clients disconnecting
Previous by thread: [ossec-list] active response add to null route
Next by thread: [ossec-list] Windows clients disconnecting
Index(es):
- Date
- Thread

OSSEC home | Main Index | Thread Index

OSSEC project: www.ossec.net.
Mailling list information: http://www.ossec.net/en/mailing_lists.html.