[XCSSA] Logging & dynamic firewall program(s)

xcssa@xcssa.org xcssa@xcssa.org
22 Oct 2007 12:26:57 -0500


Hi everyone,

I believe I remember some people on this list talking about a program
that monitors the logs and dynamically configures the IPTables firewall
to stop attacks.  But I don't remember what programs were in the
discussion.

I've got about a dozen Linux servers I'm responsible for that have a bug
in an overlay authentication module.  Any heavy attack (like a
dictionary attack) on any service breaks the module.  After that, no
one can POP their mail, FTP in, or do anything else.  And since this is
an overlay authentication program (on top of CentOS), I can't find a way
to restart it/fix it.  The only repair I've found that works reliably is
to reboot the server.  It's gotten to be a real PIA with all these
script-kiddies running hack attempts these days.

Can anyone suggest a dynamic blocking program to put an end to hacking
attempts and crashes in the authentication module?  At least, it will
put an end to this until the coders fix the authentication module...

Thanks everyone.



Chuck
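
The log-watching approach asked about above, as an added example that is not part of the original post: count authentication failures per source address across all services inside a sliding window, and build the iptables rule that drops repeat offenders. The log line format, thresholds, year and function names are assumptions, and the sample lines are constructed.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines, not real daemon output; the "auth failed ... rip=" layout is an assumption.
SAMPLE_LOG = """\
Oct 22 12:00:01 mail pop3: auth failed user=alice rip=203.0.113.5
Oct 22 12:00:02 mail ftp: auth failed user=root rip=203.0.113.5
Oct 22 12:00:03 mail pop3: auth ok user=bob rip=198.51.100.7
Oct 22 12:00:04 mail ftp: auth failed user=admin rip=203.0.113.5
Oct 22 12:00:05 mail pop3: auth failed user=bob rip=198.51.100.7
Oct 22 12:00:06 mail ftp: auth failed user=test rip=203.0.113.5
Oct 22 12:09:00 mail pop3: auth failed user=bob rip=198.51.100.7
Oct 22 12:18:00 mail pop3: auth failed user=bob rip=198.51.100.7
"""

# Syslog-style timestamp, host, service tag, then the failure text and remote IP.
FAIL_RE = re.compile(r"^(\w{3} +\d+ [\d:]{8}) \S+ \S+ auth failed .*\brip=(\d{1,3}(?:\.\d{1,3}){3})\b")

def find_offenders(lines, max_failures=4, window=timedelta(minutes=10),
                   allowlist=(), year=2007):
    """Return source IPs with max_failures failed logins inside the window."""
    recent = defaultdict(deque)   # ip -> timestamps of recent failures, any service
    blocked = []
    for line in lines:
        m = FAIL_RE.match(line)
        if not m:
            continue
        try:
            # Validate before the value can ever reach a firewall command.
            ip = str(ipaddress.ip_address(m.group(2)))
        except ValueError:
            continue
        if ip in allowlist or ip in blocked:
            continue
        when = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        q = recent[ip]
        q.append(when)
        while when - q[0] > window:   # forget failures older than the window
            q.popleft()
        if len(q) >= max_failures:
            blocked.append(ip)
    return blocked

def block_commands(ips):
    """Argument lists (no shell string) that insert a DROP rule per offender."""
    return [["iptables", "-I", "INPUT", "-s", ip, "-j", "DROP"] for ip in ips]
```

An allowlist for management addresses keeps a mistyped password from locking out the administrator, and the rules still need an expiry step, which this sketch leaves out.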





