[XCSSA] Logging & dynamic firewall program(s)
xcssa@xcssa.org
xcssa@xcssa.org
Mon, 22 Oct 2007 13:20:02 -0500
On 22 Oct 2007 13:13:48 -0500, xcssa-admin@xcssa.org
<xcssa-admin@xcssa.org> wrote:
> Most of the hacks I'm dealing with these days are FTP and POP3. The same
> authentication module controls them as SSH and it breaks with a sustained
> hack attempt. So, I'd like to put some dynamic firewall package in place
> while waiting on the fix to the authentication module.
DenyHosts works for anything that uses tcp_wrappers including POP3 and
FTP. Its just commonly used for SSH. Change:
BLOCK_SERVICE = sshd
to
BLOCK_SERVICE = ALL
Another function I see is the ability to write the offending host to a
file and do nothing. You could then parse this file and add it to an
existing iptables table.
--
Jeremy Mann
jeremy@biochem.uthscsa.edu
University of Texas Health Science Center
Bioinformatics Core Facility
http://www.bioinformatics.uthscsa.edu
Phone: (210) 567-2672