[CLUE-Tech] Auto blocking hosts w/ iptables
Hani Duwaik
hduwaik at yahoo.com
Thu Jul 29 11:47:57 MDT 2004
Hello,
I'm looking for information regarding either of the following:
1) A tool (script, application, module) that will monitor apache log
files, detect attacks, and create an iptables rule to block traffic
from offending hosts.
2) A tool (or complete solution) that will take IDS logs and perform
the same operation with iptables as described above.
I'm running gentoo linux and have a personal website I am using. In
the few days I've had it up, I've noticed several compromise attempts
(though they were mostly for IIS). For various reasons, I can't change
the port apache runs on. As such, I'd to find a way to automatically
block traffic from any host that tries to use known tools to compromise
webservers.
Any thoughts would be welcomed.
TIA,
-Hani
=====
--------------------------------------------------------------------------------------------------
"Windows [n.]
A thirty-two bit extension and GUI shell to a sixteen bit patch to an eight bit operating system originally coded for a four bit microprocessor and sold by a two-bit company that can't stand one bit of competition."
(Anonymous USEnet post)
--------------------------------------------------------------------------------------------------
__________________________________
Do you Yahoo!?
Yahoo! Mail is new and improved - Check it out!
http://promotions.yahoo.com/new_mail
More information about the clue-tech
mailing list