[tech] Snort: should we block attacking hosts?
Daniel Axtens
danielax at gmail.com
Mon Feb 20 22:59:03 WST 2012
Greetings!
Perusal of the daily snort emails shows that many of the alerts are generated by a relatively small number of hosts, mostly trying to propagate some sort of MS-SQL worm.
What are people's opinions on setting up fail2ban to drop traffic coming from hosts who send lots of known-bad traffic?
The obvious downside is potential DOS on valid users. How big is this risk and do we care?
Thanks in advance,
-- d