Re: iptables Timed Port Block?
From: Steve Webster (swebstenospamr@bignospampond.net.au)
Date: 02/27/03
- Next message: Robert Tinsley: "Re: Port Scans and Prelude"
- Previous message: David D. Huff Jr.: "Re: Port Scans and Prelude"
- In reply to: Tantor: "iptables Timed Port Block?"
- Next in thread: Tantor: "Re: iptables Timed Port Block?"
- Reply: Tantor: "Re: iptables Timed Port Block?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: Steve Webster <swebstenospamr@bignospampond.net.au> Date: Thu, 27 Feb 2003 19:03:23 GMT
Tantor wrote:
[snip]
> What I want to be able to do is open port 21 and as soon as a computer scans
> that port I want something that reads its ip and drop all further packets
> from that person for x amount of time. Since nothing is using port 21 if
> something does scan it then I have to assume that its for an attack of
> somekind, so I figure it would be a good idea to just block everything from
> that IP for awhile.
>
This sounds like what Portsentry is supposed to do. It used to be
available from <http://www.psionic.com> according to Google, but I don't
know if that's still the case. According to
<http://packages.debian.org/unstable/net/portsentry.html>, "PortSentry
has the ability to detect portscans(including stealth scans) on the
network interfaces of your machine. Upon alarm it can block the attacker
via hosts.deny, dropped route or firewall rule. It is part of the Abacus
program suite".
There's an intro article at:
<http://www.bsdtoday.com/2000/July/Features233.html>
-- Steve Webster Remove the 'nospam's to get my email address.
- Next message: Robert Tinsley: "Re: Port Scans and Prelude"
- Previous message: David D. Huff Jr.: "Re: Port Scans and Prelude"
- In reply to: Tantor: "iptables Timed Port Block?"
- Next in thread: Tantor: "Re: iptables Timed Port Block?"
- Reply: Tantor: "Re: iptables Timed Port Block?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
