OSEC

Re: Scriptable defense question

From: scott (redhowlingwolvesnc.rr.com)
Date: Thu May 14 2009 - 15:08:15 CDT


Christian Eric Edjenguele wrote:
>
> If you are able to parse the log (if you're logging in XML, for example, you
> can use a SAX parser or whatever you prefer), then call iptables to
> filter connections to the host. iptables is powerful and very scriptable.
>
> cheers
>
> Fred H wrote:
>> Hi All,
>>
>> here is a scenario that has come up.
>> Let's say there is a generic server that is on a DMZ, and there are
>> many password attempts on the server. Is there a tool that would
>> allow for a TCP reset, or connection drop, or possibly bar future
>> sessions from that IP?
>> I am thinking of a script that parses a log, looks for repeated
>> attempts from the same IP, and then calls a tool that drops the
>> connection.
>>
>> Does anyone have any ideas on this?
>> Fred Hamilton
>> Information Security Analyst 2
>> Financial Sector
>>
>
>

If you are running a *nix, try psad.

Scott
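The parse-the-log-then-call-iptables approach discussed in this thread, written out as an added example (not code from any of the posters): it counts failed sshd logins per source IP, applies a threshold and an allowlist, and builds the iptables DROP commands. The log lines are constructed, and the allowlist, threshold and function names are assumptions.

```python
import re
import subprocess
from collections import defaultdict

# Constructed sample sshd log lines (not captured from a real host).
SAMPLE_LOG = """\
May 14 15:01:02 dmzhost sshd[4123]: Failed password for invalid user admin from 203.0.113.7 port 50122 ssh2
May 14 15:01:04 dmzhost sshd[4123]: Failed password for invalid user admin from 203.0.113.7 port 50123 ssh2
May 14 15:01:05 dmzhost sshd[4125]: Accepted publickey for deploy from 198.51.100.20 port 40001 ssh2
May 14 15:01:07 dmzhost sshd[4127]: Failed password for root from 203.0.113.7 port 50124 ssh2
May 14 15:01:09 dmzhost sshd[4129]: Failed password for root from 198.51.100.20 port 40002 ssh2
May 14 15:01:11 dmzhost sshd[4131]: Failed password for invalid user test from 203.0.113.7 port 50125 ssh2
"""

# Matches the source address of an sshd "Failed password" line.
FAILED_RE = re.compile(r"Failed password for .* from (\d+\.\d+\.\d+\.\d+) port \d+")

# Hypothetical allowlist: management/monitoring hosts that must never be blocked,
# so a mistyped password from an admin cannot lock them out.
ALLOWLIST = {"198.51.100.20"}


def count_failures(log_text):
    """Return {ip: number_of_failed_logins} for the given log text."""
    counts = defaultdict(int)
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            counts[m.group(1)] += 1
    return dict(counts)


def offenders(counts, threshold=3, allowlist=ALLOWLIST):
    """IPs at or above the failure threshold, excluding allowlisted hosts."""
    return sorted(ip for ip, n in counts.items() if n >= threshold and ip not in allowlist)


def iptables_cmd(ip):
    # -I INPUT inserts at the top of the chain so the DROP wins over later ACCEPT rules.
    return ["iptables", "-I", "INPUT", "-s", ip, "-j", "DROP"]


def block(ips, dry_run=True):
    """Build (and, unless dry_run, execute as root) one DROP rule per offender."""
    cmds = [iptables_cmd(ip) for ip in ips]
    if not dry_run:
        for cmd in cmds:
            subprocess.run(cmd, check=True)
    return cmds


if __name__ == "__main__":
    for cmd in block(offenders(count_failures(SAMPLE_LOG))):
        print(" ".join(cmd))
```

Run it periodically (or feed it a tailed log) with `dry_run=False` to actually insert the rules; a real deployment should also expire the rules after some time rather than accumulating them forever.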

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------