Date: Sat, 15 Sep 2001 08:02:46 -0500
From: D J Hawkey Jr <hawkeyd@visi.com>
To: security at FreeBSD <freebsd-security@freebsd.org>
Subject: portsentry's stealth mode - works under fBSD with ipf?
Message-ID: <20010915080246.A67204@sheol.localdomain>

Hi.

I've been tinkering with dynamic "blacklisting" of source IPs, using
psionic's logtail utility and a cron'd shell script. It works well, but
I was wondering if it might be better to use their portsentry utility.

portsentry's docs say its stealth mode only works under Linux; is this
true?

By way of further explanation, the cron'd script analyzes the read-in
log entries for blocked source IPs that either hit on the box a smallish
number of times, each hit within a defined frequency (port scans and DOS
attempts), or hit on the box at all a larger number of times (for more
general idiocies). If all of portsentry's features work under FreeBSD
with ipf, I'd try my hand at merging the script's analyses into
portsentry.

Or, merge that logic into ipmon?

Dave

--
  ______________________                         ______________________
  \__________________   \    D. J. HAWKEY JR.   /   __________________/
     \________________/\     hawkeyd@visi.com    /\________________/
                      http://www.visi.com/~hawkeyd/

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
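
The two criteria described in the message, as an added example that is not the poster's script and is not part of the original post. It is written in Python rather than shell; the sample lines are constructed and modelled on ipmon's syslog output, and the thresholds (`burst`, `max_gap`, `total`) and all function names are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: syslog lines modelled on ipmon output ("b" = blocked, "p" = passed).
SAMPLE_LOG = """\
Sep 15 08:00:01 gw ipmon[71]: 08:00:01.100000 ed0 @0:4 b 192.0.2.10,40001 -> 10.0.0.1,21 PR tcp len 20 44 -S IN
Sep 15 08:00:02 gw ipmon[71]: 08:00:02.200000 ed0 @0:4 b 192.0.2.10,40002 -> 10.0.0.1,22 PR tcp len 20 44 -S IN
Sep 15 08:00:04 gw ipmon[71]: 08:00:04.300000 ed0 @0:4 b 192.0.2.10,40003 -> 10.0.0.1,23 PR tcp len 20 44 -S IN
Sep 15 08:05:00 gw ipmon[71]: 08:05:00.000000 ed0 @0:4 b 203.0.113.5,5000 -> 10.0.0.1,111 PR udp len 20 60 IN
Sep 15 08:06:00 gw ipmon[71]: 08:06:00.000000 ed0 @0:2 p 192.0.2.99,3000 -> 10.0.0.1,80 PR tcp len 20 44 -S IN
Sep 15 08:10:00 gw ipmon[71]: 08:10:00.000000 ed0 @0:4 b 198.51.100.7,6000 -> 10.0.0.1,139 PR tcp len 20 44 -S IN
Sep 15 08:20:00 gw ipmon[71]: 08:20:00.000000 ed0 @0:4 b 198.51.100.7,6001 -> 10.0.0.1,139 PR tcp len 20 44 -S IN
Sep 15 08:30:00 gw ipmon[71]: 08:30:00.000000 ed0 @0:4 b 198.51.100.7,6002 -> 10.0.0.1,139 PR tcp len 20 44 -S IN
Sep 15 08:40:00 gw ipmon[71]: 08:40:00.000000 ed0 @0:4 b 198.51.100.7,6003 -> 10.0.0.1,139 PR tcp len 20 44 -S IN
Sep 15 09:05:00 gw ipmon[71]: 09:05:00.000000 ed0 @0:4 b 203.0.113.5,5001 -> 10.0.0.1,111 PR udp len 20 60 IN
"""
BLOCKED = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ ipmon\[\d+\]: \S+ \S+ @\d+:\d+ b ([\d.]+)[, ]")

def blocked_hits(text, year=2001):
    """Map each blocked source IP to the sorted timestamps of its hits."""
    hits = defaultdict(list)
    for line in text.splitlines():
        m = BLOCKED.match(line)
        if m:  # passed packets and non-ipmon lines are skipped
            stamp = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            hits[m.group(2)].append(stamp)
    return {ip: sorted(times) for ip, times in hits.items()}

def longest_run(times, max_gap):
    """Length of the longest chain of hits whose successive gaps are <= max_gap."""
    best = run = 1
    for prev, cur in zip(times, times[1:]):
        run = run + 1 if cur - prev <= max_gap else 1
        best = max(best, run)
    return best

def blacklist(hits, burst=3, max_gap=timedelta(seconds=5), total=4):
    """Return {ip: reason}: 'burst' = few hits in quick succession, 'total' = many hits overall."""
    verdicts = {}
    for ip, times in hits.items():
        if longest_run(times, max_gap) >= burst:
            verdicts[ip] = "burst"
        elif len(times) >= total:
            verdicts[ip] = "total"
    return verdicts

if __name__ == "__main__":
    print(blacklist(blocked_hits(SAMPLE_LOG)))
```
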