Hi!
Can anyone help me in the following job?
The X Company has more than 1000 machines (desktop and servers) on their
WAN. They installed snort as an IDS, they are logging remotely and
sending alerts by email and by sms to mobiles.
What are the best steps to customize the alerts? The phone company
thought that the servers were doing some spam jobs. They send many, many
alerts and probably almost flood the phone phone company network.
What is the best way to tell the system to send alerts? Which math
should I use?
I know I can know have to disable some types of rules that just can't
affect the ambient, I know I can count packets by priorities, by type of
alerts, by packets, ... But what math can I use to send the alerts
without flooding mail boxes and mobiles?
Best Regards,
--
Rodrigo Buarque Ramos
GPG KEY ID: 0x71CFE098 --> http://pgp.mit.edu
Key fingerprint = F381 366D D233 22B4 7E72 A21D DE9B 2FF3 71CF E098
55 81 88513524
55 81 3463.1593
http://www.triforsec.com.br
http://www.defenselayer.com
---------------------------------------------------------------------------
Free 30-day trial: firewall with virus/spam protection, URL filtering, VPN,
wireless security
Protect your network against hackers, viruses, spam and other risks with Astaro
Security Linux, the comprehensive security solution that combines six
applications in one software solution for ease of use and lower total cost of
ownership.
Download your free trial at
http://www.securityfocus.com/sponsor/Astaro_focus-ids_040301
---------------------------------------------------------------------------
Received on Mar 03 2004
Intro
