[CLUE-Tech] Auto blocking hosts w/ iptables

Hani Duwaik hduwaik at yahoo.com
Thu Jul 29 12:57:33 MDT 2004


--- Adam Bultman <adamb at glaven.org> wrote:

> Your first line of defense is making sure that apache is up to date.
> 
> For a program that watches ports and blocks people accordingly, use 
> portsentry by psionic - might even be in the portage tree.
> 
> If you want to take IDS logs and block people with that data, you
> might want to see what snort can do for you.
> 
> 
> Since most script kiddies will port scan as well as try to 'sploit'
> you via the web, portsentry is a really good way of blocking them
> first thing.
> 
> Adam
> 

Thanks for the info.  Looks like PortSentry might be what I'm looking
for (I like its ability to execute user defined code if/when a port
scan is detected ... wonder if Snort has a similar feature).

Do you know if PortSentry uses a signature file to detect intrusion
attempts as well as simple port scans?  Or does it only look for port
scans?

(For reference, I have a Linksys router providing basic NAT and
firewall services.  It is configured to allow all traffic on port 80 to
my Linux server.  Everything else is blocked).

Thanks again for the info.

-Hani


		