[XCSSA] Logging & dynamic firewall program(s)
xcssa@xcssa.org
xcssa@xcssa.org
Mon, 22 Oct 2007 12:43:02 -0500
Chuck, on our outward facing servers for the dictionary SSH attacks, I
use DenyHosts.
On 22 Oct 2007 12:26:57 -0500, xcssa-admin@xcssa.org
<xcssa-admin@xcssa.org> wrote:
>
> Hi everyone,
>
> I believe I remember some people on this list talking about a program that
> monitors the logs and dynamically configures the IPTables firewall to stop
> attacks. But I don't remember what programs were in the discussion.
>
> I've got about a dozen linux servers I'm responsible for that have a bug in
> an overlay authentication module. Any heavy attack (like a dictionary
> attack) on any service breaks the module. After that, no one can POP their
> mail, FTP in, or do anything else. And since this is a overlay
> authentication program (on top of Centos), I can't find a way to restart
> it/fix it. The only repair I've found that works reliably is to reboot the
> server. Its gotten to be a real PIA with all these script-kiddies running
> hack attempts these days.
>
> Can anyone suggest a dynamic blocking program to put an end to hacking
> attempts and crashes in the authentication module. At least, it will put an
> end to this until the coders fix the authentication module...
>
> Thanks everyone.
>
>
>
> Chuck
>
>
>
>
>
--
Jeremy Mann
jeremy@biochem.uthscsa.edu
University of Texas Health Science Center
Bioinformatics Core Facility
http://www.bioinformatics.uthscsa.edu
Phone: (210) 567-2672