Greets all, I am trying to figure out the IDS ban plugin for the firewall.

I've been told it was similar to fail2ban. However, I have yet to understand how to define a statement for (whatever program/plugin) to ban an IP for a given length of time. When the log on the main page states:

AIF:IDS violation: IN=eth1 OUT= MAC=00:e0:c5:6a:7e:c4:00:01:5c:3e:b2:41:08:00 SRC=70.67.206.31 DST=[my IP] LEN=52 TOS=0x00 PREC=0x00 TTL=118 ID=27721 DF PROTO=TCP SPT=55260 DPT=38438 WINDOW=8192 RES=0x00 SYN URGP=0

for repeat offenders, and IDS is supposed to do something, it does not. It simply displays the AIF:IDS violation.

In /mnt/kd/blocked-hosts, when I enter either the host IP or the network/CIDR of the offender, such as in this case 70.67.206.0/24, I will never see the address in the messages log trying to access my stuff again. How do I have (whatever it is I need) add that IP address to the blocked-hosts file? I am not interested in a temp ban, as I have blocked IPs for a given time, unblocked them, only to find the same IP trying to get into my stuff.

Please advise.

~Benjamin

_______________________________________________
Astlinux-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/astlinux-users

Donations to support AstLinux are graciously accepted via PayPal to [email protected].
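One way to do what the post asks for, as an added example that is not AstLinux or Arno's firewall code: a POSIX shell snippet that scans syslog lines in the AIF:IDS violation format quoted above, counts hits per SRC address, and appends addresses seen at least N times to a blocked-hosts file. The threshold, the target file path and the sample log lines are assumptions (the sample addresses are constructed from documentation ranges); whether the firewall must be told to re-read the file afterwards is not covered here.

```shell
#!/bin/sh
# Added example, not AstLinux/AIF code: collect repeat offenders from
# "AIF:IDS violation" syslog lines and append them to a blocked-hosts file.

# Constructed sample log lines in the format quoted in the post
# (addresses are from documentation ranges).
SAMPLE_LOG='Jan 10 10:00:01 pbx kernel: AIF:IDS violation: IN=eth1 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.31 DST=198.51.100.2 LEN=52 TOS=0x00 PREC=0x00 TTL=118 ID=27721 DF PROTO=TCP SPT=55260 DPT=38438 WINDOW=8192 RES=0x00 SYN URGP=0
Jan 10 10:00:05 pbx kernel: AIF:IDS violation: IN=eth1 OUT= SRC=203.0.113.31 DST=198.51.100.2 PROTO=TCP SPT=55261 DPT=38439 SYN URGP=0
Jan 10 10:00:09 pbx kernel: AIF:IDS violation: IN=eth1 OUT= SRC=203.0.113.31 DST=198.51.100.2 PROTO=TCP SPT=55262 DPT=38440 SYN URGP=0
Jan 10 10:01:00 pbx kernel: AIF:IDS violation: IN=eth1 OUT= SRC=192.0.2.77 DST=198.51.100.2 PROTO=TCP SPT=40000 DPT=22 SYN URGP=0
Jan 10 10:02:00 pbx kernel: some other message with SRC=192.0.2.99 in it'

# repeat_offenders MIN  < logfile
# Prints, sorted, every SRC address that appears in at least MIN
# "AIF:IDS violation" lines. Other log lines are ignored.
repeat_offenders() {
    awk -v min="$1" '
        /AIF:IDS violation:/ {
            for (i = 1; i <= NF; i++)
                if ($i ~ /^SRC=/) { sub(/^SRC=/, "", $i); count[$i]++ }
        }
        END { for (ip in count) if (count[ip] >= min) print ip }
    ' | sort
}

# add_blocked_hosts FILE MIN  < logfile
# Appends new repeat offenders to FILE, one per line, skipping addresses
# already present. Only exact matches are recognised: an existing CIDR
# entry that already covers the address is not detected, so that address
# would be appended again as a single host.
add_blocked_hosts() {
    file="$1"; min="$2"
    touch "$file"
    repeat_offenders "$min" | while read -r ip; do
        grep -qxF "$ip" "$file" || printf '%s\n' "$ip" >> "$file"
    done
}

# Stand-alone run: list addresses with three or more violations in the sample.
printf '%s\n' "$SAMPLE_LOG" | repeat_offenders 3
```

To act on the real firewall log, feed the messages file to add_blocked_hosts with the real blocked-hosts path instead of the constructed sample.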
