[CLUE-Tech] Auto blocking hosts w/ iptables

j7s12b j7s12b at comcast.net
Sun Aug 1 08:08:38 MDT 2004


On Thursday 29 July 2004 12:47, Hani Duwaik wrote:
> Hello,
>
> I'm looking for information regarding either of the following:
>
> 1) A tool (script, application, module) that will monitor apache log
> files, detect attacks, and create an iptables rule to block traffic
> from offending hosts.
>
> 2) A tool (or complete solution) that will take IDS logs and perform
> the same operation with iptables as described above.

I stumbled upon this: http://www.cipherdyne.org/psad/faq.html

"What is psad?
The Port Scan Attack Detector (psad) is a collection of three lightweight
system daemons written in Perl and C that are designed to work with Linux
iptables firewalling code to detect port scans and other suspect traffic. It
features a set of highly configurable danger thresholds (with sensible
defaults provided), verbose alert messages that include the source,
destination, scanned port range, begin and end times, TCP flags and
corresponding nmap options, email alerting, DShield reporting, and automatic
blocking of offending IP addresses via dynamic configuration of iptables
firewall rulesets."

J.
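
A minimal sketch of the threshold-and-block idea from the psad FAQ excerpt above, applied to the Apache logs from the original question. This is an added example, not part of the original post and not psad's code; the threshold, the allowlisted networks and the sample log lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines in Apache common log format (documentation addresses).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Aug/2004:08:00:01 -0600] "GET /missing-1 HTTP/1.0" 404 289',
    '203.0.113.7 - - [01/Aug/2004:08:00:02 -0600] "GET /missing-2 HTTP/1.0" 404 289',
    '203.0.113.7 - - [01/Aug/2004:08:00:03 -0600] "GET /private/ HTTP/1.0" 403 301',
    '198.51.100.9 - - [01/Aug/2004:08:01:10 -0600] "GET /index.html HTTP/1.1" 200 1043',
    '198.51.100.9 - - [01/Aug/2004:08:01:11 -0600] "GET /favicon.ico HTTP/1.1" 404 209',
    '192.0.2.10 - - [01/Aug/2004:08:02:00 -0600] "GET /a HTTP/1.1" 404 209',
    '192.0.2.10 - - [01/Aug/2004:08:02:01 -0600] "GET /b HTTP/1.1" 404 209',
    '192.0.2.10 - - [01/Aug/2004:08:02:02 -0600] "GET /c HTTP/1.1" 404 209',
    'scanner.example.net - - [01/Aug/2004:08:03:00 -0600] "GET /x HTTP/1.0" 404 209',
]
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:[^"\\]|\\.)*" (\d{3}) \S+')

def count_client_errors(lines):
    """Count 4xx responses per source, keeping only literal IP addresses."""
    hits = Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if not m or not m.group(2).startswith("4"):
            continue
        try:
            hits[ipaddress.ip_address(m.group(1))] += 1
        except ValueError:
            continue  # reverse-DNS names are remote-controlled: never pass them to a firewall command
    return hits

def block_rules(lines, threshold=3, allowlist=("127.0.0.0/8", "192.0.2.0/24")):
    """Return one iptables argument vector per source at or over the threshold."""
    trusted = [ipaddress.ip_network(net) for net in allowlist]
    rules = []
    for addr, count in sorted(count_client_errors(lines).items(), key=lambda kv: str(kv[0])):
        if count < threshold or any(addr in net for net in trusted):
            continue  # below threshold, or an address that must never be locked out
        tool = "iptables" if addr.version == 4 else "ip6tables"
        rules.append([tool, "-I", "INPUT", "-s", str(addr), "-j", "DROP"])
    return rules

if __name__ == "__main__":
    for rule in block_rules(SAMPLE_LOG):
        print(" ".join(rule))  # printed for review, not executed
```

The rules are returned as argument lists rather than shell strings, so a caller that does apply them can pass each list to the firewall tool without a shell ever interpreting log-derived text.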


