From: Joel Newkirk <netfilter@newkirk.us>
To: George Chacon <please.help.me@comcast.net>,
Netfilter Mailing List <netfilter@lists.netfilter.org>
Subject: Re: How to keep record of repeat attackers?
Date: Wed, 12 Mar 2003 22:24:55 -0500
Message-ID: <200303122224.55297.netfilter@newkirk.us>
In-Reply-To: <PKEJLPJCFBFLJJPHMGPIGEBBCAAA.please.help.me@comcast.net>

On Wednesday 12 March 2003 08:20 pm, George Chacon wrote:
> Hi,
>
> I'm an iptables newbie, and have a question about logging repeat
> offenders. Is it possible to have my firewall box remember incoming IP
> addresses, and generate a report showing which attackers keep coming
> back?
>
> Thank you,
>
> George Chacon

With iptables there are only two ways to record information (apart
from simply the packet/byte counts that match each rule): the LOG
target (formatted header information, basically, written to syslog) or
the ULOG target with an external accounting package.

Your first problem is defining "offenders", then "repeat offenders" and
"attackers". Do you mean simply to track everyone who attempts to
connect to you? I presume you don't expect much if any legitimate
incoming NEW traffic if this is the intent?

You might also want to look at http://ntop.org . I've had it running on
my gateway for about a week now, and am delighted by the depth of detail
and the variety of views it offers. Network load, protocol
distribution, etc. are available along with per-IP information on
everyone who has connected, tracking when they've connected, what
protocols, bad packets, and much more.

j
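
The report asked about in this thread can be built from what the LOG target writes to syslog. The following is an added example, not part of the original messages: it parses LOG-target lines and lists the sources that came back on more than one day. The `NEW-IN: ` log prefix, the host name `gw`, the sample lines, and the definition of "repeat" as "seen on at least two distinct days" are all assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed, abbreviated LOG-target lines; the "NEW-IN: " --log-prefix is an assumption.
SAMPLE_LOG = """\
Mar  9 23:58:02 gw kernel: NEW-IN: IN=eth0 OUT= SRC=198.51.100.99 DST=192.0.2.1 LEN=84 TTL=49 PROTO=ICMP TYPE=8 CODE=0
Mar 10 03:12:44 gw kernel: NEW-IN: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.1 LEN=60 TTL=52 PROTO=TCP SPT=40112 DPT=22 SYN
Mar 10 09:30:10 gw kernel: NEW-IN: IN=eth0 OUT= SRC=198.51.100.23 DST=192.0.2.1 LEN=60 TTL=50 PROTO=TCP SPT=51000 DPT=80 SYN
Mar 10 09:30:13 gw kernel: NEW-IN: IN=eth0 OUT= SRC=198.51.100.23 DST=192.0.2.1 LEN=60 TTL=50 PROTO=TCP SPT=51000 DPT=80 SYN
Mar 11 04:01:19 gw kernel: NEW-IN: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.1 LEN=60 TTL=52 PROTO=TCP SPT=40877 DPT=22 SYN
Mar 12 02:47:55 gw kernel: NEW-IN: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.1 LEN=60 TTL=52 PROTO=TCP SPT=41990 DPT=23 SYN
Mar 12 18:05:31 gw kernel: NEW-IN: IN=eth0 OUT= SRC=198.51.100.99 DST=192.0.2.1 LEN=48 TTL=113 PROTO=TCP SPT=3321 DPT=445 SYN
Mar 12 18:06:00 gw sshd[812]: NEW-IN: SRC=not-a-kernel-line
"""

FIELD_RE = re.compile(r"\b([A-Z]+)=(\S*)")    # KEY=value pairs written by LOG
STAMP_RE = re.compile(r"^(\w{3})\s+(\d{1,2})\s")  # syslog month and day (no year)

def parse_line(line, prefix):
    """Return (day, src, service) for one LOG-target line, else None."""
    head, sep, rest = line.partition(prefix)
    stamp = STAMP_RE.match(head)
    if not sep or not stamp or " kernel:" not in head:
        return None  # not a kernel line carrying our prefix
    fields = dict(FIELD_RE.findall(rest))
    try:
        src = str(ipaddress.ip_address(fields.get("SRC", "")))
    except ValueError:
        return None  # missing or malformed source address
    service = fields.get("PROTO", "?") + ("/" + fields["DPT"] if "DPT" in fields else "")
    return f"{stamp.group(1)} {int(stamp.group(2)):2d}", src, service

def repeat_sources(log_text, prefix="NEW-IN: ", min_days=2):
    """List (src, distinct_days, hits, services) for sources seen on >= min_days days."""
    seen = defaultdict(lambda: {"days": set(), "hits": 0, "services": set()})
    for line in log_text.splitlines():
        parsed = parse_line(line, prefix)
        if parsed:
            day, src, service = parsed
            seen[src]["days"].add(day)
            seen[src]["hits"] += 1
            seen[src]["services"].add(service)
    rows = [(s, len(v["days"]), v["hits"], sorted(v["services"]))
            for s, v in seen.items() if len(v["days"]) >= min_days]
    return sorted(rows, key=lambda r: (-r[1], -r[2], r[0]))

if __name__ == "__main__":
    for src, days, hits, services in repeat_sources(SAMPLE_LOG):
        print(f"{src:<16} days={days} hits={hits} {', '.join(services)}")
```

Two hits from one address within the same day do not count as a return visit here; lowering `min_days` to 1 turns the output into a plain per-source tally.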