denycomm, a free IP blocker for multiple firewalls

• Previous message: George Capehart: "Re: True definition of Intrusion Prevention"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Tue, 30 Dec 2003 19:36:50 -0800
To: focus-ids@securityfocus.com

Sorry for the line-wrapping, it's the web interface.

I have a little command-line tool (denycomm) that black holes a given
IP. It works out-of-the-box with iptables, pf, ipf, and route. You might
use this tool manually, just to avoid mistakes, or automatically, for
example triggered by a log-monitoring program or an IDS. I'd like to
add support for as many firewalls as practicable.

IMHO it's unsanitary to hard-code commands into these programs that are
specific to your firewall, or worse, to your firewall configuration.
Use this program instead. You can use command-line args or better yet
a simple (one word) config file. In the future it may sprout a "clever"
option that guesses what firewall you're running, obviating the need
for a config file. For all you people with money to burn, you can define
a custom handler to alter a commercial firewall's rules. If you change
firewalls, you make a one line change in the config file and that's it;
you need never touch snort or swatch or any other program which blocks
hosts.

This will be the back end to a much more ambitious distributed system.

http://travcom.tripod.com/

Comments to or CC'd directly to me please; I archive this list but don't
always read it.

Concerned about your privacy? Follow this link to get
FREE encrypted email: https://www.hushmail.com/?l=2

Free, ultra-private instant messaging with Hush Messenger
https://www.hushmail.com/services.php?subloc=messenger&l=434

Promote security and make money with the Hushmail Affiliate Program:
https://www.hushmail.com/about.php?subloc=affiliate&l=427

---------------------------------------------------------------------------
---------------------------------------------------------------------------

• Previous message: George Capehart: "Re: True definition of Intrusion Prevention"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages [fw-wiz] denycomm, blocks IPs 4 different ways ... I have a little command-line tool that black holes a given ... specific to your firewall, or worse, to your firewall configuration. ... a simple config file. ... (Firewall-Wizards) Re: [opensuse] Lost firewall logging ... in the original config file, ... Restarting the firewall and/or restarting syylog-ng even ... specifing the config file, ... (SuSE) Re: trying to install the nvidia driver ... edited the x config file and now it allows me ... set a decent resoultion and refresh rate. ... card using ndis wrapper (cos there is no native linux driver for my ... I think its a firewall issue (knew I shouldn't have installed it, ... (alt.os.linux.redhat) Re: [SLE] NFS with SuSEfirewall2 ... to the Firewall config file and restart the Firewall. ... config file is very well commented and easy to understand. ... restart the Firewall or reboot after commenting the config file. ... # Web Site Development ... (SuSE) Re: New?? firewall idea, self-learning? ... I have a linux desktop upstairs. ... If you're bringing up the idea of a self-learning firewall then I don't ... really secure servers don't have any GUI installed. ... A GUI *can* be configured to be just as secure as a command-line interface. ... (comp.security.firewalls)