Penetration Testing mailing list archives

Re: Scriptable defense question


From: "R. DuFresne" <dufresne () sysinfo com>
Date: Fri, 15 May 2009 10:23:02 -0400 (EDT)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



You mention "there are many password attempts on the server". Are you talking about passwd attempts to log into the server directly, or are you talking about logging into an application on the server? These are different issues and are managed differently. Can you clarify the scenario?

Thanks,

Ron DuFresne


On Mon, 11 May 2009, Fred H wrote:


Hi All,

Here is a scenario that has come up.
Let's say there is a generic server that is on a DMZ, and there are many password attempts on the server. Is there a tool that would allow for a TCP reset, or connection drop, or possibly bar future sessions from that IP?
I am thinking of a script that parses a log, looks for repeated attempts from the same IP, and then calls a tool that drops the connection.

Does anyone have any ideas on this?

Fred Hamilton
Information Security Analyst 2
Financial Sector






------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------


- -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior security consultant:  sysinfo.com
                        http://sysinfo.com
Key fingerprint = 9401 4B13 B918 164C 647A  E838 B2DF AFCC 94B0 6629

These things happened. They were glorious and they changed the world...,
and then we fucked up the endgame.    --Charlie Wilson
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iD8DBQFKDXrJst+vzJSwZikRAvW2AKCTbn0e1lbeelTf4KT/AnXXDOt7ZQCgq0GK
QKhWXt7+yZNnAoJtyhVvR5o=
=qvX3
-----END PGP SIGNATURE-----
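
The approach described in the quoted question (parse a log, count repeated attempts per source IP, hand the offender to a tool that drops it), as an added example that is not part of the original thread. It assumes OpenSSH-style auth-log lines and `iptables` as the drop tool; the function names, threshold, window and sample lines are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in OpenSSH auth-log style (assumed format, documentation IPs).
SAMPLE_LOG = """\
May 11 09:00:01 dmz1 sshd[411]: Failed password for root from 203.0.113.7 port 4101 ssh2
May 11 09:00:02 dmz1 sshd[412]: Failed password for admin from 198.51.100.23 port 5201 ssh2
May 11 09:00:05 dmz1 sshd[413]: Failed password for invalid user x from 999.1.1.1 port 4102 ssh2
May 11 09:00:07 dmz1 sshd[414]: Failed password for root from 203.0.113.7 port 4103 ssh2
May 11 09:00:09 dmz1 sshd[415]: Failed password for invalid user a from 192.0.2.10 port 22 from 203.0.113.7 port 4104 ssh2
May 11 09:05:00 dmz1 sshd[416]: Failed password for admin from 198.51.100.23 port 5202 ssh2
May 11 09:10:00 dmz1 sshd[417]: Failed password for admin from 198.51.100.23 port 5203 ssh2
"""

# Greedy ".*" plus the "$" anchor take the LAST "from <ip> port <n>", so a crafted
# username containing " from <ip> port " cannot choose which address gets blocked.
FAILED = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: "
                    r"Failed password for .* from (\S+) port \d+ ssh2$")

def offenders(lines, threshold=3, window=timedelta(seconds=60), allowlist=(), year=2009):
    """Return source IPs with >= threshold failures inside one sliding window."""
    allowed = {ipaddress.ip_address(a) for a in allowlist}  # never lock out admin hosts
    recent, flagged = defaultdict(deque), []
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group(2))
        except ValueError:
            continue  # log content is attacker-influenced: drop anything unparseable
        if ip in allowed or ip in flagged:
            continue
        # syslog timestamps carry no year; the caller supplies it (assumption)
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:  # forget failures older than the window
            q.popleft()
        if len(q) >= threshold:
            flagged.append(ip)
    return [str(ip) for ip in flagged]

def block_command(ip):
    """Build the argv for a drop rule; the caller runs it, e.g. subprocess.run(argv)."""
    addr = ipaddress.ip_address(ip)  # re-validate before it reaches a command line
    tool = "ip6tables" if addr.version == 6 else "iptables"
    return [tool, "-I", "INPUT", "-s", str(addr), "-j", "DROP"]
```

Printing `block_command(ip)` for each result of `offenders(SAMPLE_LOG.splitlines())` gives a dry run of the rules before anything is applied.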
