sticky-drop blocks the source IP of repeated attacks for a period of time; blocked hosts are recorded in /var/log/snort/stickyd.log
preprocessor stickydrop: max_entries 3000,log
preprocessor stickydrop-timeouts: sfportscan 3000, portscan2 3000, clamav 3000
preprocessor stickydrop-ignorehosts: 192.168.0.0/24 192.168.1.12 192.168.1.13
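To make the three settings above concrete, here is an added Python illustration of the decision logic they describe: a table of blocked source IPs capped at max_entries, a per-triggering-preprocessor timeout after which an entry expires, and an ignorehosts list that is never blocked. This is example code written for this page, not Snort's own stickydrop implementation; the in-memory log list and the class/method names are assumptions, and the real stickyd.log format is not reproduced.

```python
import ipaddress

# Values taken from the preprocessor lines above.
MAX_ENTRIES = 3000
TIMEOUTS = {"sfportscan": 3000, "portscan2": 3000, "clamav": 3000}
IGNORE_HOSTS = ["192.168.0.0/24", "192.168.1.12", "192.168.1.13"]


def parse_ignorehosts(entries):
    """Turn the ignorehosts list (CIDR blocks and single hosts) into networks."""
    return [ipaddress.ip_network(e, strict=False) for e in entries]


def is_ignored(ip, nets):
    """True when ip falls inside any ignorehosts entry."""
    addr = ipaddress.ip_address(ip)
    return any(addr in n for n in nets)


class StickyDrop:
    """Constructed model of sticky-drop behaviour (assumption, not Snort code)."""

    def __init__(self, max_entries, timeouts, ignorehosts):
        self.max_entries = max_entries
        self.timeouts = timeouts          # source preprocessor -> block duration
        self.nets = parse_ignorehosts(ignorehosts)
        self.table = {}                   # blocked ip -> expiry time
        self.log = []                     # (time, ip, source, duration); stands in for stickyd.log

    def _expire(self, now):
        # Drop every entry whose block period has run out.
        for ip, expiry in list(self.table.items()):
            if expiry <= now:
                del self.table[ip]

    def add(self, ip, source, now):
        """Called when preprocessor `source` flags `ip`; returns True if the host is now blocked."""
        self._expire(now)
        if is_ignored(ip, self.nets):
            return False                  # whitelisted by ignorehosts
        if source not in self.timeouts:
            return False                  # no timeout configured for this trigger
        if ip not in self.table and len(self.table) >= self.max_entries:
            return False                  # table full: assume no new entry is added
        duration = self.timeouts[source]
        self.table[ip] = now + duration
        self.log.append((now, ip, source, duration))
        return True

    def should_drop(self, ip, now):
        """Packet-time check: is this source IP currently blocked?"""
        self._expire(now)
        return ip in self.table


if __name__ == "__main__":
    sd = StickyDrop(MAX_ENTRIES, TIMEOUTS, IGNORE_HOSTS)
    sd.add("10.0.0.5", "sfportscan", now=1000)      # constructed sample event
    sd.add("192.168.1.12", "clamav", now=1000)      # ignored host, never blocked
    for ts in (1000, 3999, 4000):
        print(ts, "10.0.0.5 dropped:", sd.should_drop("10.0.0.5", ts))
    for entry in sd.log:
        print("log:", entry)
```

The expiry check runs on every lookup and insert, which is what makes the block temporary; a host in the 192.168.0.0/24 block or one of the two listed addresses is never entered no matter how often it triggers.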
bait-and-switch uses iptables to redirect traffic from the source IP of repeated attacks; its log file is bands.log
preprocessor bait-and-switch: max_entries 200,log,insert_before
preprocessor bait-and-switch-ignorehosts: 192.168.1.0/24