NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Pen-test> 2009-05

RE: Scriptable defense question

From: Jeremi Gosney (Jeremi.Gosneymotricity.com)
Date: Thu May 14 2009 - 19:31:27 CDT

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

If I understand your question, sshit will do what you want : http://anp.ath.cx/sshit/

- -----Original Message-----
From: listbouncesecurityfocus.com [mailto:listbouncesecurityfocus.com] On Behalf Of Fred H
Sent: Monday, May 11, 2009 10:13 AM
To: pen-testsecurityfocus.com
Subject: Scriptable defense question

Hi All,

here is a scenario that has come up.
Lets says there is a generic server that is on a dmz, and there are many password attempts on the server. Is there a tool that would allow for a tcp reset, or connection drop , or possible bar future sessions from that IP?
I am thinking of a script that parses a log, looks for repeated attempts from the same IP, and then calls a tool that drops the connection.

Does anyone have any ideas on this?

Fred Hamilton
Information Security Analyst 2
Financial Sector

- ------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
- ------------------------------------------------------------------------

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)

iEYEARECAAYFAkoMt94ACgkQIBHDN8vm6zvhLgCfb2xxy+GggZxvTXJOchwZChPq
y94AoJRypUFKRVPXNe4957Podj/32f1a
=PLxl
-----END PGP SIGNATURE-----

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]