spoink
Spoink is an output plugin for snort that works by blocking attackers' access using OpenBSD's pf API.
All you need is an OpenBSD machine (or a pf-compatible system) and snort (the latest version works well).
Spoink uses a pf table and a blocking rule to stop "attackers" from accessing our system. To protect from false negatives, you must keep a whitelist of the IPs you want to keep safe (see section 2).
It only blocks attacks defined in snort rules, so think for a minute about which rules you want to use first.
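
The pf side of the table-plus-blocking-rule setup described above, as an added pf.conf fragment that is not taken from spoink or its README. The table name `spoink` and the address 192.0.2.10 are assumptions; use the table name your spoink configuration actually writes to.

```pf
# Constructed example, not from the spoink distribution.
# Assumption: spoink is configured to add offending source IPs
# to a table called "spoink". Adjust to the name in your setup.

# "persist" keeps the table alive even while it is empty, so the
# plugin always has a table to add addresses to.
table <spoink> persist

# Drop and log inbound traffic from any address in the table.
# "quick" stops rule evaluation here, so a later pass rule
# cannot let a blocked host back in.
block in log quick from <spoink> to any

# Operational checks, run as root (shown as comments so this
# block stays a single valid pf.conf fragment):
#
#   pfctl -nf /etc/pf.conf             parse the ruleset without loading it
#   pfctl -f /etc/pf.conf              load the ruleset
#   pfctl -t spoink -T show            list the addresses currently blocked
#   pfctl -t spoink -T delete 192.0.2.10
#                                      unblock one host (documentation address)
#   pfctl -t spoink -T expire 86400    drop entries older than 24 hours
```

Table entries stay until they are deleted or expired, so a scheduled `expire` run keeps a wrongly blocked host from staying blocked indefinitely.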
Setting snort with spoink
See README.
Download
spoink-v1.0
contact at zz |dot| stalker |at| gmail |dot| com
public key id: 0x1E0D5A2A