Automatic blocking
Mike Klinke
lsomike at futzin.com
Wed Aug 16 17:23:33 UTC 2006
On Wednesday 16 August 2006 05:25, Ashley M. Kirchner wrote:
> I looked around on the web and found a few different programs
> to do this, so I thought I'd ask here for advice: what are people
> using to automatically block incoming attacks via ssh and ftp?
> I'm referring to those script kiddies who simply hit your system
> over and over and over again in a very short period of time,
> probing both the ssh as well as the ftp daemons trying to log in.
Take a look at "snortsam" ( http://www.snortsam.net/ ) . It works
in conjunction with the snort IDS and you can customize rules for
your situation. It'll manipulate a number of different firewall
applications including iptables.
Regards, MIke Klinke
More information about the fedora-list
mailing list