Date: Tue, 14 Jan 2003 14:08:39 +0100
From: Clement Laforet
To: Mark Bojara
Cc: freebsd-isp@freebsd.org
Subject: Re: snort with ipfw
Message-Id: <20030114140839.26ad6145.sheepkiller@cultdeadsheep.org>
In-Reply-To: <20030114110205.S291-100000@opium.co.za>
References: <20030114110205.S291-100000@opium.co.za>

Hi,

Yes it is.
You have to use the Guardian Perl script, in the contrib directory.

clem

On Tue, 14 Jan 2003 11:03:40 +0200 (SAST)
Mark Bojara wrote:

> Hello,
>
> Is it possible to set up snort so that when it detects a portscan it
> automatically adds an ipfw rule and blocks that IP address?
>
> Regards
> Mark Bojara
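
An added sketch of the log-to-rule step discussed in this thread, not part of the original message and not Guardian's own code: it reads Snort alert lines, picks out portscan sources, and prints the ipfw rules that would block them. The spp_portscan alert wording, the whitelist addresses, the rule-number base and the sample log are assumptions constructed for the example.

```sh
#!/bin/sh
# Added example: turn Snort portscan alerts into ipfw deny rules (dry run: prints only).
# Assumptions: alerts use the spp_portscan "PORTSCAN DETECTED from <ip>" wording;
# WHITELIST and RULE_BASE are constructed values, adjust to the local ruleset.
WHITELIST="192.0.2.1 192.0.2.53"   # gateway, resolver: never block these
RULE_BASE=20000                    # assumed unused ipfw rule-number range

# Reads alert lines on stdin, writes one ipfw command per new offending source.
alerts_to_ipfw() {
    awk -v wl="$WHITELIST" -v base="$RULE_BASE" '
    BEGIN { n = split(wl, w, " "); for (i = 1; i <= n; i++) skip[w[i]] = 1 }
    /spp_portscan: PORTSCAN DETECTED from / {
        ip = ""
        for (i = 1; i < NF; i++) if ($i == "from") { ip = $(i + 1); break }
        # Accept only a strict dotted quad: log text is attacker-influenced
        # and must never reach a firewall command unvalidated.
        if (ip !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) next
        split(ip, o, ".")
        for (j = 1; j <= 4; j++) if (o[j] + 0 > 255) next
        # Skip whitelisted hosts (a spoofed scan must not cut off the gateway)
        # and sources already handled in this run.
        if ((ip in skip) || (ip in seen)) next
        seen[ip] = 1
        printf "ipfw add %d deny ip from %s to any\n", base + blocked, ip
        blocked++
    }'
}

# Constructed sample alerts for the demonstration.
sample_alerts() {
    cat <<'EOF'
01/14-13:08:42.101 [**] [100:1:1] spp_portscan: PORTSCAN DETECTED from 203.0.113.7 (THRESHOLD 4 connections exceeded in 0 seconds) [**]
01/14-13:08:44.512 [**] [100:2:1] spp_portscan: portscan status from 203.0.113.7: 12 connections across 1 hosts: TCP(12), UDP(0) [**]
01/14-13:09:10.004 [**] [100:1:1] spp_portscan: PORTSCAN DETECTED from 192.0.2.1 (THRESHOLD 4 connections exceeded in 0 seconds) [**]
01/14-13:09:30.900 [**] [100:1:1] spp_portscan: PORTSCAN DETECTED from 203.0.113.7 (THRESHOLD 4 connections exceeded in 0 seconds) [**]
01/14-13:10:02.250 [**] [100:1:1] spp_portscan: PORTSCAN DETECTED from 198.51.100.22 (THRESHOLD 4 connections exceeded in 0 seconds) [**]
EOF
}

sample_alerts | alerts_to_ipfw
```

The function only prints commands; nothing is changed in the firewall until its reviewed output is run as root.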