Network Security: Detailed info on Re: iptables & tcp wrappers

Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.

Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.

Network Security Focus-Linux

[Top] [All Lists]

Re: iptables & tcp wrappers

from [George Theall] Network Security

[Permanent Link]

Subject:	Re: iptables & tcp wrappers
Date:	Tue, 5 Oct 2004 20:48:58 -0400

On Tue, Oct 05, 2004 at 06:26:55PM +0100, Matthew Baker wrote:

What it does is monitor the output from auth logs (using 
swatch) and takes the IP addresses of failed/invalid attempts and 
records the number of attempts made from that IP in a database file. 
Then when the counter goes above a configured threshold (which can be 
different for a single host or CIDR network) the IP is inserted as a 
DROP rule into custom chain using IPtables.


I wrote a more generalized version of this:
<http://www.tifaware.com/perl/log-guardian/>.  It's a Perl script,
freely available, that monitors one or more logs for patterns.  As
matches are found, the script reacts by running blocks of Perl code. 
The patterns and code can be pretty much whatever you want, which makes
the script very flexible.  I use it to monitor logs and drop traffic
from hosts responsible for troublesome behaviour with iptables rules.

George
-- 
theall@tifaware.com

pgpFlxpz476ee.pgp
Description: PGP signature

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
Re: iptables & tcp wrappers, secmgr Re: iptables & tcp wrappers, Tom Walsh Re: iptables & tcp wrappers, Luis M Re: iptables & tcp wrappers, Thomas Chiverton Re: iptables & tcp wrappers, Luis M Re: iptables & tcp wrappers, Thomas Chiverton Re: iptables & tcp wrappers, Luis M Re: iptables & tcp wrappers, Matthew Baker Re: iptables & tcp wrappers, George Theall <= RE: iptables & tcp wrappers, Marcus.Zoller Re: iptables & tcp wrappers, Ansgar -59cobalt- Wiechers Re: iptables & tcp wrappers, Ansgar -59cobalt- Wiechers Re: iptables & tcp wrappers, TJ Easter RE: iptables & tcp wrappers, Whelan, Paul

Previous by Date:	Re: iptables & tcp wrappers, Luis M
Next by Date:	Re: iptables & tcp wrappers, Ansgar -59cobalt- Wiechers
Previous by Thread:	Re: iptables & tcp wrappers, Matthew Baker
Next by Thread:	RE: iptables & tcp wrappers, Marcus.Zoller
Indexes:	[Date] [Thread] [Top] [All Lists]