This might be of interest: http://www.fail2ban.org/wiki/index.php/Main_Page

Basically, it detects hack attempts and locks off the offending IP address for about five minutes by modifying firewall rules. I've only started looking at it myself, but I know others that use it and it seems to work well.

Bill Smith
Fall River, MA
Charter Member of LOPSA

On Tue, Sep 30, 2008 at 8:03 PM, Alex Camilo <alex.camilo@gmail.com> wrote:
Assuming the set of attacker IPs is finite, could you keep a running log of IPs, discard duplicates, and add it to a block list for the duration of the attack?
On Tue, Sep 30, 2008 at 4:07 PM, Chuck Anderson <cra@wpi.edu> wrote:
On Tue, Sep 30, 2008 at 03:54:52PM -0400, Alex Camilo wrote:
<clueless_newbie>Just out of curiosity, could this be an attack from some sort of botnet? Would that explain the different IPs?
Yes
Or is he forging packets? </clueless_newbie>
Unlikely

_______________________________________________
Wlug mailing list
Wlug@mail.wlug.org
http://mail.wlug.org/mailman/listinfo/wlug