Re: Scriptable defense question

From: Jeffrey Walton (noloadergmail.com)
Date: Thu May 14 2009 - 14:09:53 CDT


Hi Fred,

> Is there a tool that would allow for a TCP reset, or
> connection drop, or possibly bar future sessions from that IP?
> ...I am thinking of a script that parses a log,
I believe this would be dangerous in the Windows world. The events of
interest are 539 [1] and friends in the Security log. I don't believe
it is a good idea to allow a script access to the log, which usually
has a fairly tight ACL. The scenario is an attacker could [more]
easily wipe the log to cover their tracks.

With that said, there may be something out there that does what you want.

Jeff

[1] http://www.eventid.net/display.asp?eventid=539&source=Security

On 5/11/09, Fred H <sectesteryahoo.com> wrote:
>
> Hi All,
>
> here is a scenario that has come up.
> Let's say there is a generic server that is on a DMZ, and there are many password attempts on the server. Is there a tool that would allow for a TCP reset, or connection drop, or possibly bar future sessions from that IP?
> I am thinking of a script that parses a log, looks for repeated attempts from the same IP, and then calls a tool that drops the connection.
>
> Does anyone have any ideas on this?
>
> Fred Hamilton
> Information Security Analyst 2
> Financial Sector
>
> [SNIP]
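A sketch of the log-parsing approach Fred describes, added here as an example and not code from either poster: it flags source IPs with repeated failed logins inside a sliding window and builds the firewall command that would bar future sessions (Windows netsh or Linux iptables) as a reviewable string rather than running it. The log format, usernames and addresses are constructed for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log in a generic auth-style format (not taken from the thread).
# Per Jeff's caveat, feed the script an exported copy of the log instead of
# granting it rights on the live Security log.
SAMPLE_LOG = """\
2009-05-11T10:00:01 auth: Failed password for admin from 203.0.113.5
2009-05-11T10:00:03 auth: Failed password for root from 203.0.113.5
2009-05-11T10:00:04 auth: Accepted password for fred from 192.0.2.10
2009-05-11T10:00:06 auth: Failed password for admin from 203.0.113.5
2009-05-11T10:00:09 auth: Failed password for guest from 203.0.113.5
2009-05-11T10:00:15 auth: Failed password for admin from 203.0.113.5
2009-05-11T10:02:00 auth: Failed password for admin from 198.51.100.7
2009-05-11T10:20:00 auth: Failed password for admin from 198.51.100.7
"""

LINE_RE = re.compile(r"^(\S+) auth: Failed password for (\S+) from (\d+\.\d+\.\d+\.\d+)$")


def offenders(log_text, threshold=5, window=timedelta(minutes=1)):
    """Return IPs with at least `threshold` failed logins inside any `window`-long span."""
    recent = defaultdict(deque)  # ip -> timestamps of failures still inside the window
    flagged = set()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # successful logins and unrelated lines are ignored
        ts = datetime.fromisoformat(m.group(1))
        ip = m.group(3)
        q = recent[ip]
        q.append(ts)
        while q and ts - q[0] > window:  # slide the window forward
            q.popleft()
        if len(q) >= threshold:
            flagged.add(ip)
    return sorted(flagged)


def block_commands(ips, platform="windows"):
    """Build the firewall command for each IP as a string so an operator can
    review it before it is executed (dry run, nothing is run here)."""
    cmds = []
    for ip in ips:
        if platform == "windows":
            cmds.append(f'netsh advfirewall firewall add rule name="block {ip}" '
                        f"dir=in action=block remoteip={ip}")
        else:
            cmds.append(f"iptables -I INPUT -s {ip} -j DROP")
    return cmds
```

A two-failure host spread over 18 minutes is not flagged at the one-minute default, which is the point of the window: widen it only if slow password guessing is the concern.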
