[K12OSN] howto temporary block badguy?
Jim Hays
haysja at sages.us
Wed Jul 28 19:48:17 UTC 2004

Snort/Acid/Guardian. The Guardian component is the one that blocks the
machine. Snort logs the attack. Acid makes the logs easier to read and
Guardian blocks the offender for 24 hours.

Read this article for more.
http://www.dummies.com/WileyCDA/DummiesArticle/id-2532,subcat-NETWORKING.html

Read the blurb on Guardian.

dale wrote:
> Hello,
> I would like to temporarily block various machines that connect to
> my server based on certain events. For instance, if a machine
> connects to my mail server and sends a virus 3 times in a 15 minute
> window, block that machine via iptables for 24 hours. The same goes
> for machines that look for IIS exploits, open ports, etc.
> Does anyone have a pointer to a project similar to this?
> Is there a good reason not to block a machine?
> Would you adjust occurrence/time trigger or block time?
>
>
> Thanks,
>
> Dale
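
Added example, not part of the original thread and not Guardian's code: the rule Dale describes (3 events in a 15 minute window, then an iptables block lifted after 24 hours), in Python. The allowlist, the sample events and the names TempBlocker and replay are assumptions made for the illustration; the iptables commands are returned as strings, not executed.

```python
from collections import defaultdict, deque
from ipaddress import ip_address, ip_network

# Window (seconds), events needed to trigger, block duration (seconds).
WINDOW, THRESHOLD, BLOCK_FOR = 15 * 60, 3, 24 * 3600
# Assumption: networks that must never be blocked (own LAN, admin hosts).
ALLOWLIST = [ip_network("192.168.0.0/24")]


class TempBlocker:
    def __init__(self):
        self.events = defaultdict(deque)  # ip -> recent event timestamps
        self.blocked = {}                 # ip -> time the block expires

    def expire(self, now):
        """Return iptables commands lifting blocks whose time has run out."""
        done = sorted(ip for ip, until in self.blocked.items() if until <= now)
        for ip in done:
            del self.blocked[ip]
        return [f"iptables -D INPUT -s {ip} -j DROP" for ip in done]

    def record(self, now, ip):
        """Record one bad event; return the iptables commands to run now."""
        cmds = self.expire(now)
        # Parsing rejects malformed input before it reaches a command string.
        addr = ip_address(ip)
        if ip in self.blocked or any(addr in net for net in ALLOWLIST):
            return cmds
        seen = self.events[ip]
        seen.append(now)
        while seen and seen[0] <= now - WINDOW:  # drop events outside window
            seen.popleft()
        if len(seen) >= THRESHOLD:
            self.blocked[ip] = now + BLOCK_FOR
            del self.events[ip]
            cmds.append(f"iptables -I INPUT -s {ip} -j DROP")
        return cmds


def replay(events):
    """Feed (timestamp, ip) pairs in time order; collect (timestamp, command)."""
    blocker, out = TempBlocker(), []
    for ts, ip in events:
        out += [(ts, cmd) for cmd in blocker.record(ts, ip)]
    return out


# Constructed sample: (seconds since start, source address in documentation ranges).
SAMPLE = [(0, "203.0.113.5"), (400, "203.0.113.5"), (1000, "203.0.113.5"),
          (1100, "203.0.113.5"), (1200, "198.51.100.7"), (1250, "192.168.0.10"),
          (1260, "192.168.0.10"), (1270, "192.168.0.10"), (87600, "198.51.100.7")]
```

In the sample, 203.0.113.5 is blocked at t=1100 (its first event has aged out of the window by t=1000, so the third in-window event arrives at 1100) and is released by the first event processed after the 24 hours have passed.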