Benjamin,

The ids-protection plugin is not like fail2ban, our adaptive-ban plugin is like fail2ban.

The ids-protection plugin uses iptables' "recent" module, Google will help understand how that works. Only relatively short term ban persistence as I understand it.

The adaptive-ban plugin ban persistence is until the next time the firewall is restarted, and then it will reapply any bans as per the current /var/log/messages log.

Lonnie

On Mar 1, 2014, at 9:10 PM, Benjamin Naber wrote:

> Greets all,
>
> I am trying to figure out the IDS ban plugin for the firewall.
>
> I've been told it was similar to fail2ban, however, I have yet to
> understand how to define a statement for (whatever program/plugin) to
> ban an IP for a given length of time when the log on the main page
> states:
>
> AIF:IDS violation: IN=eth1 OUT= MAC=00:e0:c5:6a:7e:c4:00:01:5c:3e:b2:41:08:00 SRC=70.67.206.31 DST=[my IP] LEN=52 TOS=0x00 PREC=0x00 TTL=118 ID=27721 DF PROTO=TCP SPT=55260 DPT=38438 WINDOW=8192 RES=0x00 SYN URGP=0
>
> for repeat offenders and IDS is supposed to do something, it does not.
> It simply displays the AIF:IDS violation.
>
> In /mnt/kd/blocked-hosts, when I enter either the host IP, or the
> network/CIDR of the offender, such as in this case, 70.67.206.0/24,
> I will never see the address in the messages log trying to access my
> stuff again.
>
> How do I have (whatever it is I need) add that IP address to the
> blocked-hosts file?
>
> I am not interested in a temp ban, as I have blocked IPs for a given
> time, unblocked them, only to find the same IP trying to get into my
> stuff.
>
> Please advise.
>
> ~Benjamin
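An added illustration of the mechanism Lonnie describes (tallying repeat offenders from the AIF:IDS violation lines in /var/log/messages and checking them against the host and CIDR entries in /mnt/kd/blocked-hosts). This is example code written for this thread, not the AstLinux ids-protection or adaptive-ban plugin itself; the sample log lines and blocked-hosts entries are constructed, and the function names are hypothetical.

```sh
#!/bin/sh
# Added example, not AstLinux's own ids-protection or adaptive-ban code. It
# mirrors what Lonnie describes: bans re-derived from /var/log/messages by
# tallying "AIF:IDS violation" lines per SRC, then checking each repeat
# offender against the host and CIDR entries in /mnt/kd/blocked-hosts.
# Print "count ip" for each SRC seen at least $1 times (default 2) in the
# AIF:IDS violation lines on stdin, most frequent first.
ids_offenders() {
    awk -v min="${1:-2}" '
        /AIF:IDS violation:/ {
            for (i = 1; i <= NF; i++)
                if ($i ~ /^SRC=/) { sub(/^SRC=/, "", $i); hits[$i]++ }
        }
        END { for (ip in hits) if (hits[ip] >= min) print hits[ip], ip }
    ' | sort -rn
}
# Exit 0 if IPv4 address $1 is covered by a host or a.b.c.d/n entry in the
# blocked-hosts file $2 (default /mnt/kd/blocked-hosts), else exit 1. Plain
# arithmetic only, so it also runs under busybox awk (no bitwise builtins).
ip_in_blocked_hosts() {
    awk -v ip="$1" '
        function toint(a,  p) { split(a, p, "."); return ((p[1]*256 + p[2])*256 + p[3])*256 + p[4] }
        function covers(entry,  e, n, span) {
            n = split(entry, e, "/"); span = 2 ^ (32 - (n == 2 ? e[2] : 32))
            return int(toint(e[1]) / span) == int(toint(ip) / span)
        }
        NF && $1 !~ /^#/ && covers($1) { found = 1; exit }
        END { exit !found }
    ' "${2:-/mnt/kd/blocked-hosts}"
}
# For each repeat offender on stdin, report whether blocked-hosts file $1 covers it.
report_unblocked() {
    ids_offenders | while read -r n ip; do
        ip_in_blocked_hosts "$ip" "$1" && s=blocked || s=NOT-blocked
        echo "$ip $n hits $s"
    done
}
# Constructed sample data: DST is the 198.51.100.0/24 documentation range,
# 70.67.206.31 is the SRC from Benjamin's log line, the other SRCs are TEST-NET.
SAMPLE_LOG='Mar  1 21:05:11 pbx kernel: AIF:IDS violation: IN=eth1 OUT= SRC=70.67.206.31 DST=198.51.100.10 PROTO=TCP SPT=55260 DPT=38438 SYN
Mar  1 21:05:14 pbx kernel: AIF:IDS violation: IN=eth1 OUT= SRC=70.67.206.31 DST=198.51.100.10 PROTO=TCP SPT=55261 DPT=38439 SYN
Mar  1 21:05:19 pbx kernel: AIF:IDS violation: IN=eth1 OUT= SRC=70.67.206.31 DST=198.51.100.10 PROTO=TCP SPT=55262 DPT=38440 SYN
Mar  1 21:06:02 pbx kernel: AIF:IDS violation: IN=eth1 OUT= SRC=203.0.113.77 DST=198.51.100.10 PROTO=TCP SPT=40001 DPT=5060 SYN
Mar  1 21:06:05 pbx kernel: AIF:IDS violation: IN=eth1 OUT= SRC=203.0.113.77 DST=198.51.100.10 PROTO=TCP SPT=40002 DPT=5060 SYN
Mar  1 21:07:40 pbx kernel: AIF:IDS violation: IN=eth1 OUT= SRC=192.0.2.9 DST=198.51.100.10 PROTO=TCP SPT=1234 DPT=22 SYN'
SAMPLE_BLOCKED='# constructed blocked-hosts: one CIDR entry, one host entry
70.67.206.0/24
192.0.2.9'
```

On the box itself, `grep 'AIF:IDS violation' /var/log/messages | report_unblocked` lists the repeat offenders that the real /mnt/kd/blocked-hosts does not yet cover.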
Astlinux-users mailing list: https://lists.sourceforge.net/lists/listinfo/astlinux-users
