Spoink 1.0 review
Spoink is an output plugin for Snort that blocks attackers' access using OpenBSD's pf API.
All you need is an OpenBSD machine (or a pf-compatible system) and Snort (the latest version works well).
Spoink uses a pf table and a blocking rule to stop "attackers" from accessing your system. To protect against false positives, you must keep a whitelist of the IPs you want to keep unblocked (see section 2).
Spoink only blocks attacks that are defined in the Snort rules, so first take a minute to think about which rules you want to use.