Date:      Sat, 15 Sep 2001 08:02:46 -0500
From:      D J Hawkey Jr <hawkeyd@visi.com>
To:        security at FreeBSD <freebsd-security@freebsd.org>
Subject:   portsentry's stealth mode - works under fBSD with ipf?
Message-ID:  <20010915080246.A67204@sheol.localdomain>

Hi.

I've been tinkering with dynamic "blacklisting" of source IPs, using
psionic's logtail utility and a cron'd shell script. It works well, but
I was wondering if it might be better to use their portsentry utility.

portsentry's docs say its stealth mode only works under Linux; is this
true?

By way of further explanation, the cron'd script analyzes the read-in
log entries for blocked source IPs that either hit on the box a smallish
number of times, each hit within a defined frequency (port scans and DOS
attempts), or hit on the box at all a larger number of times (for more
general idiocies).

If all of portsentry's features work under FreeBSD with ipf, I'd try my
hand at merging the script's analyses into portsentry. Or, merge that
logic into ipmon?

Dave

-- 
  ______________________                         ______________________
  \__________________   \    D. J. HAWKEY JR.   /   __________________/
     \________________/\     hawkeyd@visi.com    /\________________/
                      http://www.visi.com/~hawkeyd/
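
The two-rule analysis described in the message, as an added example (not the poster's script). The ipmon-style log format, the sample lines, the thresholds and all names are assumptions made for illustration; "each hit within a defined frequency" is read here as a run of consecutive blocked hits whose gaps stay under MAX_GAP.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Hypothetical thresholds (not from the original message).
BURST_HITS = 4                     # "smallish number" of closely spaced hits
MAX_GAP = timedelta(seconds=5)     # largest gap allowed between hits in a run
TOTAL_HITS = 6                     # "larger number" of hits at any spacing

def _line(hms, action, src):
    """Build one constructed sample line in an assumed ipmon syslog layout."""
    return (f"Sep 15 {hms} gw ipmon[92]: {hms}.000000 xl0 @0:12 {action} "
            f"{src},4001 -> 192.0.2.1,23 PR tcp len 20 44 -S IN")

# Constructed sample input: a fast scan, a slow repeat offender, a
# two-hit source, and one passed ("p") packet that must be ignored.
SAMPLE_LOG = "\n".join(
    [_line(f"08:00:0{s}", "b", "203.0.113.7") for s in range(1, 5)]
    + [_line(f"08:{m:02d}:30", "b", "198.51.100.9") for m in range(10, 16)]
    + [_line("08:20:00", "b", "192.0.2.55"), _line("08:40:00", "b", "192.0.2.55")]
    + [_line("08:41:00", "p", "203.0.113.80")]
)

# Syslog timestamp, then the rule tag followed by action "b" (blocked) and source IP.
BLOCKED = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ ipmon\[\d+\]: "
                     r".*? @\d+:\d+ b (\d{1,3}(?:\.\d{1,3}){3})")

def blocked_hits(log_text, year=2001):
    """Map source IP -> sorted timestamps of its blocked packets."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = BLOCKED.match(line)
        if m:  # syslog omits the year, so the caller supplies it
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            hits[m.group(2)].append(ts)
    return {ip: sorted(ts) for ip, ts in hits.items()}

def blacklist(log_text):
    """Return {ip: reason} for sources that trip either rule."""
    verdicts = {}
    for ip, times in blocked_hits(log_text).items():
        run = longest = 1
        for prev, cur in zip(times, times[1:]):
            run = run + 1 if cur - prev <= MAX_GAP else 1
            longest = max(longest, run)
        if longest >= BURST_HITS:
            verdicts[ip] = "burst"     # scan or DoS-like pattern
        elif len(times) >= TOTAL_HITS:
            verdicts[ip] = "volume"    # persistent but slow
    return verdicts

if __name__ == "__main__":
    for ip, reason in sorted(blacklist(SAMPLE_LOG).items()):
        print(ip, reason)
```
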

