[CLUE-Tech] Auto blocking hosts w/ iptables

Adam Bultman adamb at glaven.org
Thu Jul 29 12:38:03 MDT 2004


Your first line of defense is making sure that apache is up to date.

For a program that watches ports and blocks people accordingly, use 
portsentry by psionic - might even be in the portage tree.

If you want to take IDS logs and block people with that data, you might 
want to see what snort can do for you.


Since most script kiddies will port scan as well as try to 'sploit' you 
via the web, portsentry is a really good way of blocking them first thing.

Adam


Hani Duwaik wrote:

>Hello,
>
>I'm looking for information regarding either of the following:
>
>1) A tool (script, application, module) that will monitor apache log
>files, detect attacks, and create an iptables rule to block traffic
>from offending hosts.
>
>2) A tool (or complete solution) that will take IDS logs and perform
>the same operation with iptables as described above.
>
>I'm running gentoo linux and have a personal website I am using.  In
>the few days I've had it up, I've noticed several compromise attempts
>(though they were mostly for IIS).  For various reasons, I can't change
>the port apache runs on.  As such, I'd like to find a way to automatically
>block traffic from any host that tries to use known tools to compromise
>webservers.
>
>Any thoughts would be welcomed.
>
>TIA,
>
>-Hani
>
>=====
>--------------------------------------------------------------------------------------------------
>"Windows [n.]
>A thirty-two bit extension and GUI shell to a sixteen bit patch to an eight bit operating system originally coded for a four bit microprocessor and sold by a two-bit company that can't stand one bit of competition."
>(Anonymous USEnet post)
>--------------------------------------------------------------------------------------------------
>
>
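
A minimal sketch of the log-watching blocker asked about in the quoted message, as an added example (not code from either poster, and not how portsentry or snort work). The probe signatures, the allowlist, the threshold and the function names are assumptions made for illustration; the log lines are constructed.

```python
import ipaddress
import re
from collections import Counter

# Assumed signatures: paths requested by well-known IIS worms and scanners,
# which a legitimate client has no reason to request from an Apache host.
PROBE = re.compile(r"cmd\.exe|root\.exe|default\.ida|/_vti_bin/", re.I)
# Common/combined log format: client address first, then the quoted request.
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "([^"]*)"')
# Networks never to block (constructed values; put your own admin hosts here).
ALLOW = [ipaddress.ip_network("127.0.0.0/8"), ipaddress.ip_network("192.0.2.0/24")]

def offenders(lines, threshold=2):
    """Return sorted client IPs with at least `threshold` probe requests."""
    hits = Counter()
    for line in lines:
        m = LINE.match(line)
        if not m or not PROBE.search(m.group(2)):
            continue
        try:
            # Log content is attacker-influenced: accept only a literal IP.
            ip = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # hostname or junk in the first field
        if any(ip in net for net in ALLOW):
            continue
        hits[str(ip)] += 1
    return sorted(ip for ip, n in hits.items() if n >= threshold)

def block_rules(ips):
    """Build iptables argv lists (no shell string) that drop each source."""
    return [["iptables", "-I", "INPUT", "-s", ip, "-j", "DROP"] for ip in ips]

# Constructed sample log lines (documentation address ranges).
SAMPLE_LOG = [
    '203.0.113.7 - - [29/Jul/2004:10:01:02 -0600] "GET /scripts/root.exe HTTP/1.0" 404 276',
    '203.0.113.7 - - [29/Jul/2004:10:01:03 -0600] "GET /default.ida HTTP/1.0" 404 270',
    '198.51.100.9 - - [29/Jul/2004:10:02:00 -0600] "GET /index.html HTTP/1.1" 200 1043',
    '198.51.100.23 - - [29/Jul/2004:10:03:00 -0600] "GET /scripts/cmd.exe HTTP/1.0" 404 290',
    '192.0.2.10 - - [29/Jul/2004:10:04:00 -0600] "GET /MSADC/root.exe HTTP/1.0" 404 280',
    '192.0.2.10 - - [29/Jul/2004:10:04:01 -0600] "GET /scripts/cmd.exe HTTP/1.0" 404 280',
    'scanner.example.net - - [29/Jul/2004:10:05:00 -0600] "GET /scripts/cmd.exe HTTP/1.0" 404 280',
]

if __name__ == "__main__":
    for argv in block_rules(offenders(SAMPLE_LOG)):
        print(" ".join(argv))
```

The script only prints the rules; applying them needs root, and passing each argv list to the command directly rather than through a shell keeps log-derived text out of shell parsing.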



