[plug] Attempted Intrusions

Craig Foster fostware at westnet.com.au
Thu Oct 21 07:41:44 WST 2004


> -----Original Message-----
> From: plug-bounces at plug.linux.org.au 
> [mailto:plug-bounces at plug.linux.org.au] On Behalf Of Andrew Cowie
> Sent: Thursday, 21 October 2004 3:00 AM
> To: plug at plug.linux.org.au
> Subject: Re: [plug] Attempted Intrusions
> 
> On Wed, 2004-20-10 at 10:00 +0800, Bill Kenworthy wrote:
> > I do it dynamically off log messages.  If someone hits a tripwired port,
> > it drops them silently forevermore until I flush the chains.
> 
> Bill, do you have that set of scripts together in some 
> coherent redistributable form?

There are packaged versions of portsentry which will do the same thing.
You can choose what ports, how they're blocked (routed, iptables dropped or
rejected, etc), and you can choose the timeout.

Oh, and you can get it to ignore certain hosts (like your e-mail, DNS,
*gateway*!) so address faking won't DoS your connection.
 
http://sourceforge.net/projects/sentrytools/

> It strikes me that this is exactly the sort of thing I've 
> wanted to do from time to time in the past, but your scheme 
> sounds richer than what I came up with. Would you be willing 
> to post them?
> 
> AfC
> Vancouver
> 
> --
> Andrew Frederick Cowie

Regards,

CraigF.
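
An added example, not part of the original message and not portsentry's own code: a Python sketch of the log-driven blocking discussed in this thread, with tripwire ports, a block timeout and an ignore list so forged packets claiming to come from the gateway or DNS server cannot cut off the connection. The port list, timeout, addresses and the log-line layout (epoch-seconds prefix) are assumptions constructed for illustration; the function only returns the iptables commands it would issue.

```python
import ipaddress
import re

TRIPWIRE_PORTS = {23, 111, 1433}   # assumed decoy ports with no real service behind them
BLOCK_SECONDS = 3600               # assumed timeout before a block is lifted
# Hosts that are never blocked (constructed addresses standing in for gateway, DNS,
# loopback), so a forged source address cannot make the box cut off its own connectivity.
IGNORE = [ipaddress.ip_network(n) for n in ("192.0.2.1/32", "192.0.2.53/32", "127.0.0.0/8")]

# Constructed log layout: epoch seconds, then netfilter-LOG-style SRC= and DPT= fields.
LINE_RE = re.compile(r"^(?P<ts>\d+) .*\bSRC=(?P<src>\S+) .*\bDPT=(?P<dpt>\d+)")

SAMPLE_LOG = [  # constructed sample input
    "1000 kernel: TRIP IN=eth0 SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=40000 DPT=23",
    "1010 kernel: TRIP IN=eth0 SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=40001 DPT=111",
    "1020 kernel: TRIP IN=eth0 SRC=192.0.2.1 DST=192.0.2.10 PROTO=TCP SPT=40002 DPT=23",
    "1030 kernel: TRIP IN=eth0 SRC=198.51.100.9 DST=192.0.2.10 PROTO=TCP SPT=40003 DPT=80",
    "5000 kernel: TRIP IN=eth0 SRC=198.51.100.9 DST=192.0.2.10 PROTO=TCP SPT=40004 DPT=1433",
]

def process(lines):
    """Return (blocked, actions); blocked maps source IP -> expiry time."""
    blocked, actions = {}, []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        now, dpt = int(m["ts"]), int(m["dpt"])
        # Lift blocks whose timeout has passed before handling the new event.
        for ip in [ip for ip, expiry in blocked.items() if expiry <= now]:
            del blocked[ip]
            actions.append(f"iptables -D INPUT -s {ip} -j DROP")
        try:
            src = ipaddress.ip_address(m["src"])
        except ValueError:
            continue  # malformed address in the log line
        if dpt not in TRIPWIRE_PORTS:
            continue  # ordinary traffic, not a tripwire hit
        if any(src in net for net in IGNORE) or str(src) in blocked:
            continue  # ignored host (possibly forged), or already blocked
        blocked[str(src)] = now + BLOCK_SECONDS
        actions.append(f"iptables -I INPUT -s {src} -j DROP")
    return blocked, actions

if __name__ == "__main__":
    for cmd in process(SAMPLE_LOG)[1]:
        print(cmd)
```

The third sample line claims to come from the ignored gateway address and produces no block, which is the address-faking case the ignore list exists for.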




