|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Giuseppe Fuggiano (giuseppe.fuggiano
gmail.com)
Date: Fri May 15 2009 - 16:10:48 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
2009/5/11 Fred H <sectesteryahoo.com>:
>
> Hi All,
>
> here is a scenario that has come up.
> Lets says there is a generic server that is on a dmz, and there are many password attempts on the server. Is there a tool that would allow for a tcp reset, or connection drop , or possible bar future sessions from that IP?
> I am thinking of a script that parses a log, looks for repeated attempts from the same IP, and then calls a tool that drops the connection.
>
> Does anyone have any ideas on this?
I successfully use fail2ban on production servers. fail2ban can be
configured to recognize failed login attempts for many services. If a
certaing number of attempts is reached, the IP can be banned using
iptables or tcp wrappers.
Cheers
--
Giuseppe Fuggiano
Linux user #483710
------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board
Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.
http://www.iacertification.org
------------------------------------------------------------------------
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]