[XCSSA] Logging & dynamic firewall program(s)
xcssa@xcssa.org
xcssa@xcssa.org
Mon, 22 Oct 2007 20:04:04 -0500
Well, ideally, could set up a box at the gateway using
http://www.subspacefield.org/~travis/dfd/
Alternately, could do a proxy relay through aformationed box,
otherwise, deny connection.
On 22 Oct 2007 12:26:57 -0500, xcssa-admin@xcssa.org
<xcssa-admin@xcssa.org> wrote:
>
> Hi everyone,
>
> I believe I remember some people on this list talking about a program that
> monitors the logs and dynamically configures the IPTables firewall to stop
> attacks. But I don't remember what programs were in the discussion.
>
> I've got about a dozen linux servers I'm responsible for that have a bug in
> an overlay authentication module. Any heavy attack (like a dictionary
> attack) on any service breaks the module. After that, no one can POP their
> mail, FTP in, or do anything else. And since this is a overlay
> authentication program (on top of Centos), I can't find a way to restart
> it/fix it. The only repair I've found that works reliably is to reboot the
> server. Its gotten to be a real PIA with all these script-kiddies running
> hack attempts these days.
>
> Can anyone suggest a dynamic blocking program to put an end to hacking
> attempts and crashes in the authentication module. At least, it will put an
> end to this until the coders fix the authentication module...
>
> Thanks everyone.
>
>
>
> Chuck
>
>
>
>
>