Hi all, 

I don't know how many of you come from a systems administration/*nix background, but there is a really cool feature that you can use with Linux iptables (and yes, I know BSD is better ... yawn).

The feature is called portsentry, and what it does is this:

1) Creates listeners on a random series of unused server ports.

2) Waits for attackers to carry out a portscan and hit this predefined series of ports.

3) Dynamically creates a firewall rule that blocks access to the server from that IP address for a predetermined period of time, and logs the attempted portscan.

This is good because it slows down the attacker and alerts you to the fact that someone is reconnoitering your system.

So 2 things that I think would be cool, as in *really* cool, would be the following.

Login throttling and realtime IP blacklisting (web app specific).

a) Count the number of login attempts for a username and IP address.

b) If they exceed a certain number in a certain period, block all HTTP logon attempts from that IP address for a predetermined period of time (1 hour) and notify the administrator.

Login throttling and realtime IP blacklisting (server based).

a) Create a JNI library that interfaces with the Linux built-in iptables or portsentry libraries.

b) Count the number of login attempts for a username and IP address.

c) If they exceed a certain number in a certain period, call the portsentry/iptables module and do a system-wide block on their IP address for whatever the system-wide configured block time happens to be.
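Here is a sketch of the counting and blocking logic from both proposals above (per-username-and-IP counting, an IP-wide block of configurable length, an admin notification, and a hook where the server-based variant would call into the JNI/iptables layer). It is an added example, not code from the original post or from the Acegi project; the class name, the `notify`/`firewall_block` hooks and the helper `iptables_rule` are assumptions, and the IP addresses used are constructed test values.

```python
from collections import defaultdict, deque


class LoginThrottle:
    """Count failed logins per (username, ip) in a sliding window; when the
    threshold is hit, block the IP for block_time seconds, alert the admin,
    and call the firewall hook. Assumed names, not the Acegi API."""

    def __init__(self, max_attempts=5, window=300, block_time=3600,
                 notify=None, firewall_block=None):
        self.max_attempts = max_attempts
        self.window = window            # seconds over which attempts are counted
        self.block_time = block_time    # seconds an IP stays blocked (1 hour default)
        self.notify = notify or (lambda msg: None)                 # admin alert hook
        self.firewall_block = firewall_block or (lambda ip, s: None)  # JNI/iptables hook
        self._attempts = defaultdict(deque)   # (username, ip) -> attempt timestamps
        self._blocked_until = {}              # ip -> unix time the block expires

    def is_blocked(self, ip, now):
        until = self._blocked_until.get(ip)
        if until is None:
            return False
        if now >= until:                # block has expired: forget it
            del self._blocked_until[ip]
            return False
        return True

    def record_failure(self, username, ip, now):
        """Register one failed login at time `now`; return True if ip is blocked."""
        if self.is_blocked(ip, now):    # already blocked: do not keep counting
            return True
        q = self._attempts[(username, ip)]
        q.append(now)
        while q and q[0] <= now - self.window:   # drop attempts outside the window
            q.popleft()
        if len(q) >= self.max_attempts:
            self._blocked_until[ip] = now + self.block_time
            q.clear()
            self.notify(f"blocked {ip} after {self.max_attempts} failed logins for {username!r}")
            self.firewall_block(ip, self.block_time)
            return True
        return False

    def record_success(self, username, ip):
        """A successful login resets the counter for that username/IP pair."""
        self._attempts.pop((username, ip), None)


def iptables_rule(ip, seconds):
    # Constructed stand-in for the proposed JNI call: returns the rule text the
    # native side would install instead of executing anything on this host.
    return f"iptables -I INPUT -s {ip} -j DROP  # remove after {seconds}s"
```

Timestamps are passed in explicitly so the window and expiry logic can be tested without a real clock; in a servlet filter you would pass `time.time()`.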

I know there are people who hate portsentry in the sysadmin community, but equally there are those who love it (including me).

Ben, do you have any thoughts on something like this? Incidentally, I am working on my Hibernate-based authentication DAO and it is going well.

If anyone is interested in developing the Java side of things, I would be more than happy to build the JNI implementation, as I think it would be a very popular feature in enterprise installations.

--b


_______________________________________________
Acegisecurity-developer mailing list
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer