Re: Automatic blocking of attackers' IP

From: William B. Cattell (wbcattell1.nospam_at_yahoo.com)
Date: 10/11/04

    Date: Mon, 11 Oct 2004 03:12:52 GMT
    
    

    On Tue, 07 Sep 2004 09:53:31 -0400, FEEB wrote:

    > Hi,
    >
    > I would like to have the following scenario implemented on my network:
    >
    > 1.
    > Someone tries repeatedly and illegally to log in as 'admin', 'root' or
    > whatever from some IP using SSH (or any other means).
    >
    > 2.
    > When the number of attempts reaches a predefined trigger level, an action
    > occurs (a script is executed, etc.)
    >
    > The definition of attempts, the trigger level and the resulting action
    > should be configurable.
    >
    > Is a watchdog like that that would fulfill my requirements available
    > somewhere out there or do I have to sit down and start scripting?
    >
    > Thanks
    >
    >
    > Frank Bures, <feeb@chem.utoronto.ca>

    Take a look at PortSentry. It will key off actions you can specify and
    automatically block / close the port for a period of time. It can also be
    scripted to insert the attacker's IP address into the hosts.deny thereby
    blocking that IP from that daemon.

    Bill
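
The scenario in the quoted question (count failed SSH logins per source IP, act at a configurable trigger level), as an added example that is not part of the original posts and is not PortSentry's code. It assumes OpenSSH-style syslog lines in chronological order and the `daemon: client` form of hosts.deny; the function names, the `year` parameter and the sample log are hypothetical.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Anchored at the end of the line: the user name is attacker-controlled text,
# so only the last "from <addr> port <n>" is trusted as the peer address.
FAILED = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: Failed password for .* "
                    r"from (\S+) port \d+(?: ssh\d)?$")

def find_offenders(lines, trigger=3, window=timedelta(minutes=10),
                   allow=frozenset(), year=2004):
    """Return source IPs with >= trigger failures inside one sliding window."""
    recent = defaultdict(deque)   # ip -> timestamps of recent failures
    offenders = []
    for line in lines:
        m = FAILED.match(line.strip())
        if not m:
            continue
        try:
            ip = str(ipaddress.ip_address(m.group(2)))
        except ValueError:
            continue              # not an address: never pass it to the action
        if ip in allow or ip in offenders:
            continue              # allow-list guards against locking yourself out
        when = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        seen = recent[ip]
        seen.append(when)
        while when - seen[0] > window:
            seen.popleft()        # forget failures older than the window
        if len(seen) >= trigger:
            offenders.append(ip)
    return offenders

def hosts_deny_lines(ips, daemon="sshd"):
    """Format entries in the 'daemon: client' form used by hosts.deny."""
    return [f"{daemon}: {ip}" for ip in ips]

# Constructed sample log (documentation addresses, not real hosts).
SAMPLE = """\
Oct 10 03:01:02 gw sshd[811]: Failed password for root from 192.0.2.10 port 4242 ssh2
Oct 10 03:01:05 gw sshd[812]: Failed password for illegal user admin from 192.0.2.10 port 4243 ssh2
Oct 10 03:01:09 gw sshd[813]: Failed password for root from 192.0.2.10 port 4244 ssh2
Oct 10 03:02:00 gw sshd[820]: Failed password for frank from 198.51.100.7 port 5000 ssh2
Oct 10 09:30:00 gw sshd[900]: Failed password for frank from 198.51.100.7 port 5001 ssh2
Oct 10 09:31:00 gw sshd[901]: Failed password for frank from 198.51.100.7 port 5002 ssh2
""".splitlines()
if __name__ == "__main__":
    print("\n".join(hosts_deny_lines(find_offenders(SAMPLE))))
```

The second address has three failures too, but they fall outside one ten-minute window, so only the first address reaches the trigger.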

