- 12-03-2007 #1 Linux Enthusiast
- Join Date
- Aug 2006
- Location
- Portsmouth, UK
- Posts
- 539
Open Source Project, maybe
Some of you will be familiar with apf and bfd firewall tools from rfxnetworks.
I'd like to script something similar to bfd which would allow firewalls generated with fwbuilder to benefit from brute force attack detection.
What I'm after here is your opinions/views on setting out the criteria to select hosts to ban before I submit the project to SourceForge.
"My" primary concern for BF detection is ssh, as my home box is constantly bombarded with attacks. I'm not particularly worried as it only accepts keys for login authentication, but I would like to block the offending IPs automatically all the same.
And lastly, anyone else interested in participating in the project?
RHCE #100-015-395
Please don't PM me with questions as no reply may offend, that's what the forums are for.
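Added example, not part of the original thread and not code from bfd or fwbuilder: one possible ban criterion for the question in post #1, flagging an address once it produces `threshold` sshd failure events inside a sliding `window`, with an allowlist that is never banned. The function name, the default thresholds, the log format (classic syslog sshd lines, IPv4 only) and the sample lines are all assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Usernames are remote-supplied text: take the LAST "from <ip>" on the line.
FAIL_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\ssshd\[\d+\]:\s"
    r"(?:Failed password for|Invalid user)\s.*\sfrom\s"
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3})(?:\sport\s\d+)?(?:\sssh2)?\s*$"
)

def ban_candidates(lines, threshold=5, window=timedelta(minutes=10),
                   allow=("127.0.0.0/8", "192.168.0.0/16"), year=2007):
    """Return sorted IPs with >= threshold failure events inside one window."""
    allowed = [ip_network(n) for n in allow]
    recent, flagged = defaultdict(deque), set()  # ip -> recent failure times
    for line in lines:
        m = FAIL_RE.match(line)
        if not m:
            continue
        try:
            ip = ip_address(m["ip"])
        except ValueError:
            continue  # e.g. 999.1.1.1: fits the pattern but is not an address
        if any(ip in net for net in allowed):
            continue  # trusted ranges are never banned, whatever the count
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")  # syslog has no year
        recent[ip].append(ts)
        while ts - recent[ip][0] > window:
            recent[ip].popleft()  # forget failures older than the window
        if len(recent[ip]) >= threshold:
            flagged.add(str(ip))
    return sorted(flagged)

def _ev(hms, msg):  # build one constructed syslog line
    return f"Dec  3 {hms} gw sshd[4242]: {msg}"

# Constructed sample (documentation and private ranges), not real log data.
SAMPLE = (
    [_ev(f"10:00:{s:02d}", "Failed password for root from 203.0.113.7 port 40022 ssh2")
     for s in range(0, 50, 10)]   # 5 failures in 40 s: flagged
    + [_ev(f"{h:02d}:15:00", "Invalid user admin from 198.51.100.20")
       for h in range(11, 16)]    # 5 failures over 4 h: below the rate
    + [_ev(f"16:00:{s:02d}", "Failed password for bob from 192.168.1.50 port 5000 ssh2")
       for s in range(6)]         # allowlisted LAN host: skipped
    + [_ev(f"17:00:{s:02d}", "Invalid user x from 198.51.100.99 from 203.0.113.200")
       for s in range(5)]         # address inside the username is ignored
)
```

`ban_candidates(SAMPLE)` returns the two addresses that actually connected at a high rate; the list it returns is what a wrapper would turn into firewall rules.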
- 12-04-2007 #2
- 12-04-2007 #3 Linux Enthusiast
- Join Date
- Aug 2006
- Location
- Portsmouth, UK
- Posts
- 539
Hi Robin, Well, to do something like this, there are already lots of tools/ways.
So what do you want to do that is different?
You can use PAM modules that only allow three logins and then block an IP.
Hope that does answer you a little.
I used to use bfd and apf, very simple and very effective. However, my preferred FW tool of the moment is FW Builder and I do miss the BFD element.
Many moons ago I wrote a (albeit lame) PHP script that would intercept the NCR worm attacking my Apache servers, then go figure out who the domain belongs to, email the offending domain's admin alerting them to the infection and then block the IP address.
So this little project would follow the same path: deal with the offending IP, alert the domain admin and possibly report directly to IANA.
The area "I" would deal with first is ssh, as it just annoys me.
There is no reason not to analyse other potential break-in attempts from various logs and take actions on those as well.
RHCE #100-015-395
Please don't PM me with questions as no reply may offend, that's what the forums are for.
- 12-04-2007 #4
- 12-04-2007 #5 Linux Enthusiast
- Join Date
- Aug 2006
- Location
- Portsmouth, UK
- Posts
- 539
Pending approval on SourceForge
RHCE #100-015-395
Please don't PM me with questions as no reply may offend, that's what the forums are for.
- 12-04-2007 #6


