From owner-freebsd-security@FreeBSD.ORG Fri Apr 8 19:07:12 2005 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id E139E16A4CE for ; Fri, 8 Apr 2005 19:07:12 +0000 (GMT) Received: from smtp-2.llnl.gov (smtp-2.llnl.gov [128.115.250.82]) by mx1.FreeBSD.org (Postfix) with ESMTP id B410143D45 for ; Fri, 8 Apr 2005 19:07:12 +0000 (GMT) (envelope-from carlson39@llnl.gov) Received: from CARLSON39PC01.llnl.gov (localhost [127.0.0.1]) with ESMTP id j38J7B1r020762 for ; Fri, 8 Apr 2005 12:07:12 -0700 (PDT) Message-Id: <6.1.2.0.2.20050408120501.103c99c8@mail.llnl.gov> X-Sender: carlson39@mail.llnl.gov X-Mailer: QUALCOMM Windows Eudora Version 6.1.2.0 Date: Fri, 08 Apr 2005 12:07:11 -0700 To: freebsd-security@freebsd.org From: Michael Carlson In-Reply-To: <4255D022.9040205@nsu.nova.edu> References: <200504061549.j36Fn8Y5082507@dc.cis.okstate.edu> <425406ED.5060400@withagen.nl> <4100.212.12.51.89.1112804356.squirrel@212.12.51.89> <4255D022.9040205@nsu.nova.edu> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Subject: Re: What is this Very Stupid DOS Attack Script? X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 08 Apr 2005 19:07:13 -0000 I would be very interested in a script/setup like this, so I second the suggestion of posting it somewhere. On a minor off topic question, has anyone gotten the linux-pam/pam_tally to work in 5.x? Due to security requirements at work I need either that or something similar. At 05:28 PM 4/7/2005, Jon Adams wrote: >Marian Hettwer wrote: > >>On Mi, 6.04.2005, 17:57, Willem Jan Withagen sagte: >> >> >>>I've build some swatch-rules that after two of these hits, I dump >>>the host into ifpw-deny space. >>> >>> >>Aye. I thought about writing a script, doing the same like yours, too. >>Could you post this script somewhere, so that I could add some >>functionality or just use it ? >> >> >This is similar to what I do... except > >I just run a cronjob every so often... daily.. weekly.. what have you.. >that will restart ipfw... probably there is a cleaner solution, but it >does the job for me.... as far as cleaning out the dozens of IPs that get >blocked for connecting to ports they shouldnt on my boxes > >_______________________________________________ >freebsd-security@freebsd.org mailing list >http://lists.freebsd.org/mailman/listinfo/freebsd-security >To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"