[CLUE-Tech] Auto blocking hosts w/ iptables
Jeff Falgout
jfalgout at co.jefferson.co.us
Sat Jul 31 20:37:25 MDT 2004
>>> hduwaik at yahoo.com 07/29/04 11:47 AM >>>
Hello,
I'm looking for information regarding either of the following:
1) A tool (script, application, module) that will monitor apache log
files, detect attacks, and create an iptables rule to block traffic
from offending hosts.
2) A tool (or complete solution) that will take IDS logs and perform
the same operation with iptables as described above.
I'm running gentoo linux and have a personal website I am using. In
the few days I've had it up, I've noticed several compromise attempts
(though they were mostly for IIS). For various reasons, I can't change
the port apache runs on. As such, I'd like to find a way to automatically
block traffic from any host that tries to use known tools to compromise
webservers.
Any thoughts would be welcomed.
TIA,
-Hani
=====
>>>>>>>>>>>>>>>>>>>>>>>>>>
Take a look at snort-inline http://snort-inline.sourceforge.net/,
it does what I think you're asking for.
Jeff
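
Added example (not part of either message above, and not snort-inline's code): the log-watching approach from item 1 of the question, scanning Apache access-log lines for IIS-targeted probe paths and building iptables DROP rules for repeat offenders. The signature list, threshold, allowlist and sample log lines are assumptions constructed for illustration.

```python
import ipaddress
import re

# Assumed signatures: request paths typical of IIS-targeted probes
# (not listed in the thread; chosen for illustration).
SIGNATURES = re.compile(r"cmd\.exe|root\.exe|default\.ida|/_vti_bin/", re.I)

# Apache common/combined log format: client ident user [time] "request" status
LOG_LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "([^"]*)" (\d{3})')

# Constructed sample log lines (documentation address ranges).
SAMPLE_LOG = """\
192.0.2.10 - - [29/Jul/2004:11:02:13 -0600] "GET /index.html HTTP/1.0" 200 1043
198.51.100.7 - - [29/Jul/2004:11:02:15 -0600] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 287
198.51.100.7 - - [29/Jul/2004:11:02:16 -0600] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 301
203.0.113.5 - - [29/Jul/2004:11:05:40 -0600] "GET /default.ida?XXXX HTTP/1.0" 404 275
192.0.2.10 - - [29/Jul/2004:11:06:01 -0600] "GET /docs/cmd.exe-notes.html HTTP/1.0" 200 512
evil;reboot - - [29/Jul/2004:11:07:00 -0600] "GET /scripts/cmd.exe HTTP/1.0" 404 287
"""

def offenders(log_text, threshold=2, allow=()):
    """Return sorted IPs with >= threshold failed requests matching a signature."""
    hits = {}
    for line in log_text.splitlines():
        m = LOG_LINE.match(line)
        if not m:
            continue
        client, request, status = m.group(1), m.group(2), int(m.group(3))
        try:
            ip = str(ipaddress.ip_address(client))  # rejects hostnames and junk
        except ValueError:
            continue  # never let an unvalidated field reach a firewall command
        # Count only failed requests so real pages with similar names are ignored.
        if status >= 400 and SIGNATURES.search(request) and ip not in allow:
            hits[ip] = hits.get(ip, 0) + 1
    return sorted(ip for ip, n in hits.items() if n >= threshold)

def iptables_rules(ips):
    """Build argv lists (no shell involved) inserting one DROP rule per address."""
    rules = []
    for ip in ips:
        tool = "ip6tables" if ipaddress.ip_address(ip).version == 6 else "iptables"
        rules.append([tool, "-I", "INPUT", "-s", ip, "-j", "DROP"])
    return rules

if __name__ == "__main__":
    for argv in iptables_rules(offenders(SAMPLE_LOG)):
        print(" ".join(argv))  # dry run: print the rule instead of executing it
```

Keep your own management addresses in `allow`, since a spoofed or proxied request can otherwise get a legitimate client blocked.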