IP Address blocking

David Cary Hart Fedora at TQMcube.com
Thu Jan 6 03:02:53 UTC 2005


On Wed, 2005-01-05 at 21:53 -0500, Chris Ruprecht wrote:
> Hello all,
> 
> I have looked through the list archives and read the replies other have
> made about the issue - but nothing seems to fix the problem.
> 

There are numerous methods of automatically creating firewall rules from
snort. The first step, though, is to install and understand the output
from snort. http://www.snort.org

You might also want to install oinkmaster to keep the rules up to date.

> Every other morning, I read the system logs from the day before and
> there are a number of break in attempts (usually 59) to root and a few
> to a slew to other accounts.
> I would like to know if there is any program in existence that detects
> these attempts and blocks the IP address from sending anything my way
> ever again.
> I currently have 'minimum' security. I have a router set up with NAT
> translation of a few ports pointing to the server box (FC2). Most of the
> usual suspects (telnet, ftpP are pointing to non-existing machines.
> On the server, I have the firewall switched of as I do not have a clear
> understanding how to configure it properly and I just hate to find
> myself in a situation where I'm not at home and can't log in ;-).
> 
> If somebody could point me to some documents that describe in simple
> terms, how to configure the firewall properly, I'd appreciate it.
> 
> I have looked at firestarter and yes, it works - it either blocks
> traffic or it lets traffic in - but it looks a little too primitive for
> a production server. 
> 
> Thanks,
> Chris
> -- 
> Don't ask me nothin' about nothin' - I might just tell you the
> truth ... 
>                                          Bob Dylan

________________________________________________________________________
Total Quality Management - A Commitment to Excellence
http://www.TQMcube.com




More information about the fedora-list mailing list