[CLUE-Tech] vsftpd question
Peter Motykowski
peter at motyka.org
Tue Jun 15 10:33:58 MDT 2004
I recall a friend telling me about PortSentry and null-routing IPAs. It seems you
can configure it to activate an ipchains rule when certain events occur. An event
in this case could be X FTP connection requests in X seconds -> ignore offending IPA
for X minutes.
http://sourceforge.net/projects/sentrytools/
> On Mon, 14 Jun 2004 08:31:39 -0600
> Charles Oriez <coriez at oriez.org> wrote:
>
>> Is there a way of limiting the maximum number of failed attempts from a
>> given IPA? I know that some of my users are fat fingered, so I don't
>> want anyone to be locked out on the first failure, but after say 10
>> failed attempts from an IPA in a 24 hour period, I'd stop giving someone
>> the benefit of the doubt.
>
> It's been a while since I've read about intrusion detection systems, but
> wouldn't something like snort be able to do this? I know some of them can
> be configured to null-route IPAs based on various criteria. Don't know if
> you can get them this fine grained, but you might look into it.
>
> jed
> --
> http://s88369986.onlinehome.us/freedomsight/
>
> ... it is poor civic hygiene to install technologies that could someday
> facilitate a police state. -- Bruce Schneier
> _______________________________________________
> CLUE-Tech mailing list
> Post messages to: CLUE-Tech at clue.denver.co.us
> Unsubscribe or manage your options:
> http://clue.denver.co.us/mailman/listinfo/clue-tech
More information about the clue-tech
mailing list