Guardian Active Response for Snort


Guardian is a security program which works in conjunction with Snort to automaticly update firewall rules based on alerts generated by Snort.
The updated firewall rules block all incoming data from the IP address of the attacking machine (the machine which caused Snort to generate an alert.
There is also logic in place which pervents blocking important machines, such as DNS servers, gateways, and whatever else you want.

Here is a link you might want to read: .. I found it very interesting on why you should use this software with great caution.

New Stuff/Changes

Block/Unblock Scripts

Misc Stuff



This page is still under much work, so check back often =) --- Anthony (astevens @ chaotic . org) 03-26-02