Re: iptables Timed Port Block?

From: Tantor (tantor@tantor1.yi.org)
Date: 02/27/03


From: "Tantor" <tantor@tantor1.yi.org>
Date: Thu, 27 Feb 2003 19:25:07 GMT

Right on, thanks, I'll check it out.

"Steve Webster" <swebstenospamr@bignospampond.net.au> wrote in message
news:3E5E60FA.1080000@bignospampond.net.au...
> Tantor wrote:
>
> [snip]
> > What I want to be able to do is open port 21 and as soon as a computer scans
> > that port I want something that reads its IP and drops all further packets
> > from that person for x amount of time. Since nothing is using port 21, if
> > something does scan it then I have to assume that it's for an attack of
> > some kind, so I figure it would be a good idea to just block everything from
> > that IP for a while.
> >
>
> This sounds like what Portsentry is supposed to do. It used to be
> available from <http://www.psionic.com> according to Google, but I don't
> know if that's still the case. According to
> <http://packages.debian.org/unstable/net/portsentry.html>, "PortSentry
> has the ability to detect portscans(including stealth scans) on the
> network interfaces of your machine. Upon alarm it can block the attacker
> via hosts.deny, dropped route or firewall rule. It is part of the Abacus
> program suite".
>
> There's an intro article at:
> <http://www.bsdtoday.com/2000/July/Features233.html>
>
> --
> Steve Webster
> Remove the 'nospam's to get my email address.
>
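
The timed block asked about in the quoted question can also be written with iptables' own `recent` match. This is an added example, not part of the original thread; the function name `trap_rules`, the list name `trapPORT` and the address 192.0.2.10 are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: print (do not run) iptables commands that drop every packet
# from a source for SECONDS after it touches an unused "trap" TCP port.
# Usage: trap_rules PORT SECONDS [TRUSTED_ADDR...]
trap_rules() {
    [ $# -ge 2 ] || return 2
    port=$1
    secs=$2
    shift 2

    # Accept only plain decimal numbers in a sane range.
    case $port in ''|*[!0-9]*) return 1 ;; esac
    case $secs in ''|*[!0-9]*) return 1 ;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || return 1
    [ "$secs" -ge 1 ] || return 1

    # Validate every trusted address before printing anything, so the output
    # is all-or-nothing and safe to review and then pipe to a shell.
    for addr in "$@"; do
        case $addr in ''|*[!0-9a-fA-F.:/]*) return 1 ;; esac
    done

    list="trap$port"

    # 1. Trusted sources are accepted first and can never be locked out.
    for addr in "$@"; do
        echo "iptables -A INPUT -s $addr -j ACCEPT"
    done

    # 2. A source seen on the trap port within the last $secs seconds is
    #    dropped on every port and protocol.
    echo "iptables -A INPUT -m recent --name $list --rcheck --seconds $secs -j DROP"

    # 3. Any TCP packet to the trap port records the source address in the
    #    list (refreshing its timestamp) and is dropped.
    echo "iptables -A INPUT -p tcp --dport $port -m recent --name $list --set -j DROP"
}

# Constructed sample: trap port 21, 10-minute block, one trusted host.
trap_rules 21 600 192.0.2.10
```

A spoofed source address is blocked exactly like a real one, so any host that must never be locked out belongs in the trusted list.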


