From: William Perry <wlperry@williamperry.com>
Cc: netfilter@lists.netfilter.org
Subject: Re: Looking for automation scripts
Date: Sat, 06 Jan 2007 15:20:19 -0800 [thread overview]
Message-ID: <45A02EB3.60102@williamperry.com> (raw)
In-Reply-To: <0dd44240578edb703165547e121ceb7c@afm-koeln.de>
See http://fut.patch.com
I am planning and working on an extension to fut that will permit
sysadmins to share the ip's of idiots.
William Perry
cm@afm-koeln.de wrote:
> Am 06.01.2007 um 16:27 schrieb Michael Rash:
>
>> On Jan 06, 2007, Jan Engelhardt wrote:
>>
>>>> I've seen a few references here to scripts that monitor attacks and
>>>> dynamically update iptables rules to knock down the attacks. Can
>>>> anyone
>>>> provide some good research starting points or sample scripts that
>>>> they use?
>>>
>>> denyhosts.sf.net?
>>
>> While denyhosts is a good concept, I question whether it provides a real
>> security benefit. If a new remotely exploitable vulnerability is
>> discovered in OpenSSH (or other ssh implementation) it will most likely
>> have nothing to do with trying to brute force passwords. Doing a quick
>> search through http://www.securityfocus.com/bid/ turns up recent SSH
>> security issues (not necessarily highly critical, but it is only a
>> matter of time).
>
> .. its recommendable as a second instance of a "firewall" framework.
>
> --
>
> This sounds also good: http://fail2ban.sourceforge.net
>
> Best Regards
>
> CM
>
>
>
next prev parent reply other threads:[~2007-01-06 23:20 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-01-05 19:44 Looking for automation scripts Tim Heagarty
2007-01-05 19:48 ` Dimitri Yioulos
2007-01-05 21:20 ` Jan Engelhardt
2007-01-06 5:05 ` markee
2007-01-06 7:00 ` Andrew
2007-01-06 14:35 ` Jan Engelhardt
2007-01-06 15:27 ` Michael Rash
[not found] ` <0dd44240578edb703165547e121ceb7c@afm-koeln.de>
2007-01-06 23:20 ` William Perry [this message]
-- strict thread matches above, loose matches on Subject: below --
2007-01-06 14:55 Tim Evans
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=45A02EB3.60102@williamperry.com \
--to=wlperry@williamperry.com \
--cc=netfilter@lists.netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox