Re: Automatic blocking of attackers' IP

From: FEEB (feeb_at_chem.utoronto.ca)
Date: 09/07/04


Date: Tue, 07 Sep 2004 13:12:47 -0400 (EDT)

On 7 Sep 2004 16:56:58 GMT, Mark A. Odell wrote:

>"FEEB" <feeb@chem.utoronto.ca> wrote in
>news:srropurzhgbebagbpn.i3ohdhe.pminews@news1.chem.utoronto.ca:
>
>>>> I would like to have the following scenario implemented on my
network:
>>>>
>>>> 1.
>>>> Someone tries repeatedly and illegally to log in as 'admin', 'root'
or
>>>> whatever from some IP using SSH (or any other means).
>>>
>>>Why not just set hosts.deny to ALL: ALL and then open up only those IPs
>> or
>>>domains you wish to allow in hosts.allow?
>>
>> We must be open to anyone. That's our business :-)
>
>Ah. Then just put the bad IP or IP range into the hosts.deny. Of course
>this won't scale well for many IP addresses.

It would be quite inconvenient in our case of 4 full C-blocks.

The mechanism of blocking the intruder is available. However, I want to
do it automatically and only after the certain trigger level has been
reached. I know how to do it, I just do not want to reinvent the wheel.

Frank Bures, <feeb@chem.utoronto.ca>



Relevant Pages

  • Re: Automatic blocking of attackers IP
    ... On 7 Sep 2004 16:56:58 GMT, Mark A. Odell wrote: ... I know how to do it, I just do not want to reinvent the wheel. ...
    (comp.os.linux.networking)
  • Re: Automatic blocking of attackers IP
    ... On 7 Sep 2004 16:56:58 GMT, Mark A. Odell wrote: ... I know how to do it, I just do not want to reinvent the wheel. ...
    (comp.os.linux.security)
  • Re: Event Error 32003 IPNATHLP & KB 293497
    ... I Deleted the D-Link Software ... Intel PRO/100 VE Network Connection... "Mark L. Ferguson" wrote: ... Rather than Resetting the Router I chose what I considered the simpler ...
    (microsoft.public.windowsxp.help_and_support)
  • Re: Event Error 32003 IPNATHLP & KB 293497
    ... Mark, Thank you so very much for your Help. ... Your computer has automatically configured the IP address for the Network ... SIEMANS Speedstream 6520 Wireless ADSL Gateway. ... KB 293497 says to change the Mask to the Subnet Mask that the External ...
    (microsoft.public.windowsxp.help_and_support)
  • Re: Please help a young aspiring security professional
    ... On Wednesday 09 January 2002 11:22, Mark Ng stuffed this into my mailbox: ... sortta the same with me.... ... network and that's a good reference, especially if your boss is willing to ... > that would never be open to a CS graduate at this age. ...
    (Security-Basics)