On 5/13/05, Rob Hudson <[EMAIL PROTECTED]> wrote:
> If one wanted to trap these kinds of attempts and block that IP using
> ipchains, how would one do that? :)
>
> -Rob

Use snort
http://www.snort.org/

a possible ruleset

any address attempting to connect as root
any address making more than two attempts to illegal user in a 5 minute window
any address making more than three failed password attempts in a 30 second window
set the drop timeout for 3600 seconds

The details on this are going to vary depending on your OS and setup
if you are using iptables you can set snort inline and use it to
define and manage dynamic state.

or alternatively use swatch or logwatch although those will of
necessity have slower response time.

--
http://Zoneverte.org -- information explained
Do you know what your IT infrastructure does?
_______________________________________________
EUGLUG mailing list
euglug@euglug.org
http://www.euglug.org/mailman/listinfo/euglug
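
An added example, not part of the original post and not snort, swatch or logwatch configuration: the thresholds from the proposed ruleset applied to sshd log lines in Python, in the style of the log-watching alternative the reply mentions. The sshd message formats, the sample lines, the name `decide_blocks`, and treating a failed password for root as "attempting to connect as root" are assumptions; applying the decision in ipchains or iptables is left to the firewall in use.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

BLOCK_FOR = timedelta(seconds=3600)   # drop timeout from the post
RULES = {"illegal user": (2, timedelta(minutes=5)),     # kind -> (tolerated, window)
         "failed password": (3, timedelta(seconds=30))}
LINE = re.compile(r"^(\w{3} +\d+ [\d:]{8}) \S+ sshd\[\d+\]: (.*)$")
ILLEGAL = re.compile(r"(?:Illegal|Invalid) user \S+ from (?P<ip>\S+)")
FAILED = re.compile(r"Failed password for (?:(?:illegal|invalid) user )?(?P<user>\S+) from (?P<ip>\S+)")

def decide_blocks(lines, year=2005):
    """Return [(ip, reason, blocked_until)]; syslog omits the year, so one is assumed."""
    seen = defaultdict(list)    # (ip, kind) -> event times still inside the window
    blocked, out = {}, []       # blocked: ip -> expiry time
    for line in lines:
        m = LINE.match(line)
        hit = m and (ILLEGAL.match(m[2]) or FAILED.match(m[2]))
        if not hit:
            continue
        kind = "failed password" if hit.re is FAILED else "illegal user"
        ip, user = hit["ip"], hit.groupdict().get("user")
        now = datetime.strptime(f"{year} {m[1]}", "%Y %b %d %H:%M:%S")
        if blocked.get(ip, now) > now:
            continue            # already dropped, nothing more to decide
        if user == "root":      # assumption: a failed root password trips the root rule
            reason = "root login attempt"
        else:
            limit, window = RULES[kind]
            recent = [t for t in seen[ip, kind] if now - t <= window] + [now]
            seen[ip, kind] = recent
            if len(recent) <= limit:
                continue
            reason = f"more than {limit} {kind} attempts within {window}"
        blocked[ip] = now + BLOCK_FOR
        out.append((ip, reason, blocked[ip]))
    return out

# Constructed sample log lines (documentation address ranges), not real traffic
SAMPLE = """\
May 13 10:00:00 gw sshd[101]: Illegal user admin from 203.0.113.5
May 13 10:00:05 gw sshd[102]: Failed password for root from 198.51.100.7 port 4022 ssh2
May 13 10:01:00 gw sshd[103]: Illegal user test from 203.0.113.5
May 13 10:02:00 gw sshd[104]: Illegal user guest from 203.0.113.5
May 13 10:03:00 gw sshd[105]: Failed password for alice from 192.0.2.9 port 4100 ssh2
May 13 10:03:05 gw sshd[105]: Failed password for alice from 192.0.2.9 port 4100 ssh2
May 13 10:03:10 gw sshd[105]: Failed password for alice from 192.0.2.9 port 4100 ssh2
May 13 10:03:15 gw sshd[105]: Failed password for alice from 192.0.2.9 port 4100 ssh2
""".splitlines()
```

`decide_blocks(SAMPLE)` returns one decision per offending address, each with an expiry 3600 seconds after the event that tripped the rule; attempts spaced wider than the window never accumulate.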