[CLUE-Tech] Auto blocking hosts w/ iptables

Hani Duwaik hduwaik at yahoo.com
Thu Jul 29 11:47:57 MDT 2004


Hello,

I'm looking for information regarding either of the following:

1) A tool (script, application, module) that will monitor apache log
files, detect attacks, and create an iptables rule to block traffic
from offending hosts.

2) A tool (or complete solution) that will take IDS logs and perform
the same operation with iptables as described above.

I'm running gentoo linux and have a personal website I am using.  In
the few days I've had it up, I've noticed several compromise attempts
(though they were mostly for IIS).  For various reasons, I can't change
the port apache runs on.  As such, I'd like to find a way to automatically
block traffic from any host that tries to use known tools to compromise
webservers.

Any thoughts would be welcomed.

TIA,

-Hani

=====
--------------------------------------------------------------------------------------------------
"Windows [n.]
A thirty-two bit extension and GUI shell to a sixteen bit patch to an eight bit operating system originally coded for a four bit microprocessor and sold by a two-bit company that can't stand one bit of competition."
(Anonymous USEnet post)
--------------------------------------------------------------------------------------------------
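
An added example (not part of the original post, and not code from any existing tool) of the first approach asked about: scan Apache access-log lines for probe signatures and build iptables DROP rules for repeat offenders. The signature list, threshold, allowlist and sample log lines are assumptions constructed for illustration; the rules are returned as argument lists rather than executed.

```python
import ipaddress
import re
from collections import Counter

# Assumed signatures: request paths typical of IIS-targeted probes. Tune per site.
SIGNATURES = re.compile(r"cmd\.exe|root\.exe|default\.ida|/_vti_bin/|/msadc/", re.I)
# Common/combined log format: host ident user [time] "METHOD path PROTO" ...
LOG_LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (\S+)')
ALLOWLIST = {ipaddress.IPv4Address("127.0.0.1")}  # never block these (assumption)

# Constructed sample input, using documentation address ranges.
SAMPLE_LOG = [
    '203.0.113.7 - - [29/Jul/2004:11:40:01 -0600] "GET /scripts/root.exe HTTP/1.0" 404 276',
    '203.0.113.7 - - [29/Jul/2004:11:40:02 -0600] "GET /winnt/system32/cmd.exe HTTP/1.0" 404 290',
    '198.51.100.4 - - [29/Jul/2004:11:41:10 -0600] "GET /index.html HTTP/1.1" 200 1043',
    '192.0.2.9 - - [29/Jul/2004:11:42:00 -0600] "GET /default.ida HTTP/1.0" 404 270',
    '127.0.0.1 - - [29/Jul/2004:11:43:00 -0600] "GET /cmd.exe HTTP/1.0" 404 270',
    '127.0.0.1 - - [29/Jul/2004:11:43:01 -0600] "GET /cmd.exe HTTP/1.0" 404 270',
    'truncated or malformed line',
]


def offenders(lines, threshold=2):
    """Return sorted IPv4 clients with at least `threshold` signature hits."""
    hits = Counter()
    for line in lines:
        m = LOG_LINE.match(line)
        if not m or not SIGNATURES.search(m.group(2)):
            continue
        try:
            # Strict parse: rejects hostnames and anything unsafe to hand to iptables.
            ip = ipaddress.IPv4Address(m.group(1))
        except ValueError:
            continue
        if ip not in ALLOWLIST:
            hits[ip] += 1
    return sorted(str(ip) for ip, n in hits.items() if n >= threshold)


def block_rules(ips, already_blocked=()):
    """Build iptables argv lists (no shell string) for IPs not yet blocked."""
    seen = set(already_blocked)
    return [["iptables", "-I", "INPUT", "-s", ip, "-j", "DROP"]
            for ip in ips if ip not in seen]


if __name__ == "__main__":
    for argv in block_rules(offenders(SAMPLE_LOG)):
        print(" ".join(argv))  # dry run: review before applying as root
```

The threshold and allowlist are there so a single stray request or a local health check does not lock out a legitimate client.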


		


