[tech] Snort: should we block attacking hosts?
Grahame Bowland
grahame at angrygoats.net
Mon Feb 20 23:04:42 WST 2012
Hey
Do you care about MS-SQL attacks? Seems like it's probably wasted effort.
On 20 February 2012 22:59, Daniel Axtens <danielax at gmail.com> wrote:
> Greetings!
>
> Perusal of the daily snort emails shows that much of the alerts are
> generated by a relatively small number of hosts, mostly trying to propagate
> some sort of MS-SQL worm.
>
> What are people's opinions on setting up fail2ban to drop traffic coming
> from hosts who send lots of known-bad traffic?
>
> The obvious downside is potential DOS on valid users. How big is this risk
> and do we care?
>
> Thanks in advance,
> -- d
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.ucc.gu.uwa.edu.au/pipermail/tech/attachments/20120220/1b4274a2/attachment.htm
More information about the tech
mailing list