David_Falloon
kaltire.com
Date: Thu May 14 2009 - 18:53:58 CDT
You could also use OSSEC ( www.ossec.net ).
--D
> -----Original Message-----
> From: listbounce securityfocus.com
> [mailto:listbounce securityfocus.com] On Behalf Of scott
> Sent: Thursday, May 14, 2009 1:08 PM
> To: pen-test securityfocus.com
> Subject: Re: Scriptable defense question
>
>
> Christian Eric Edjenguele wrote:
> >
> > if you are able to parse the log, if you're logging in XML for example
> > you can use a SAX parser or whatever you prefer, then call iptables to
> > filter connections to the host. iptables is powerful and very scriptable.
> >
> > cheers
> >
> > Fred H wrote:
> >> Hi All,
> >>
> >> Here is a scenario that has come up.
> >> Let's say there is a generic server that is on a DMZ, and there are
> >> many password attempts on the server. Is there a tool that would
> >> allow for a TCP reset, or connection drop, or possibly bar future
> >> sessions from that IP?
> >> I am thinking of a script that parses a log, looks for repeated
> >> attempts from the same IP, and then calls a tool that drops the
> >> connection.
> >>
> >> Does anyone have any ideas on this?
> >> Fred Hamilton
> >> Information Security Analyst 2
> >> Financial Sector
> >>
> >>
> >>
> >>
> >>
> >>
> >> ---------------------------------------------------------------------
> >> This list is sponsored by: Information Assurance Certification
> >> Review Board
> >>
> >> Prove to peers and potential employers without a doubt that you can
> >> actually do a proper penetration test. IACRB CPT and CEPT certs
> >> require a full practical examination in order to become certified.
> >> http://www.iacertification.org
> >> ---------------------------------------------------------------------
> >>
> >
> >
>
> If you are running a *nix, try psad.
>
> Scott
>
>
>
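The log-parse-then-block script discussed in this thread, as an added sketch that is not code from any of the posters or from OSSEC or psad. It assumes OpenSSH-style syslog lines; the sample log, the threshold, the window, the allowlist and the function names are all constructed for illustration, and the script only builds the iptables argument lists rather than running them.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in OpenSSH syslog style (not from the thread).
# Line 4's username is remote-supplied and embeds a fake "from 10.0.0.5".
SAMPLE_LOG = """\
May 14 13:01:02 dmz1 sshd[411]: Failed password for root from 203.0.113.7 port 4021 ssh2
May 14 13:01:05 dmz1 sshd[411]: Failed password for invalid user admin from 203.0.113.7 port 4022 ssh2
May 14 13:01:09 dmz1 sshd[412]: Failed password for root from 203.0.113.7 port 4023 ssh2
May 14 13:02:10 dmz1 sshd[416]: Failed password for invalid user x from 10.0.0.5 port 22 ssh2 from 192.0.2.1 port 1 ssh2
May 14 13:09:00 dmz1 sshd[420]: Failed password for root from 192.0.2.50 port 6000 ssh2
May 14 13:09:01 dmz1 sshd[420]: Failed password for root from 192.0.2.50 port 6001 ssh2
May 14 13:30:00 dmz1 sshd[430]: Failed password for root from 192.0.2.50 port 6002 ssh2
"""

# Anchored at end of line: the greedy user field cannot spoof the source IP.
LINE_RE = re.compile(
    r"^(\w{3} +\d+ [\d:]{8}) \S+ sshd\[\d+\]: Failed password for "
    r"(?:invalid user )?.* from (\S+) port \d+ ssh2$")

def offenders(log_text, threshold=3, window=timedelta(minutes=5),
              allowlist=("10.0.0.0/8",), year=2009):
    """Return IPv4 sources with >= threshold failures inside one window."""
    nets = [ipaddress.IPv4Network(n) for n in allowlist]  # never block these
    recent, hits = defaultdict(deque), []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        try:  # only a valid IPv4 literal may reach the firewall command
            ip = ipaddress.IPv4Address(m.group(2))
        except ValueError:
            continue
        if any(ip in n for n in nets):
            continue
        when = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        q = recent[ip]
        q.append(when)
        while when - q[0] > window:  # drop failures older than the window
            q.popleft()
        if len(q) >= threshold and ip not in hits:
            hits.append(ip)
    return hits

def block_commands(ips):
    """Build iptables argv lists (no shell string); run them as root."""
    return [["iptables", "-I", "INPUT", "-s", str(ip), "-j", "DROP"] for ip in ips]
```

Each returned list can be passed to `subprocess.run` without a shell, so nothing taken from the log is ever interpreted as shell syntax.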