Penetration Testing mailing list archives

Re: Scriptable defense question


From: Giuseppe Fuggiano <giuseppe.fuggiano () gmail com>
Date: Fri, 15 May 2009 23:10:48 +0200

2009/5/11 Fred H <sectester () yahoo com>:

Hi All,

Here is a scenario that has come up.
Let's say there is a generic server that is on a DMZ, and there are many password attempts on the server.  Is there a tool that would allow for a TCP reset, or connection drop, or possibly bar future sessions from that IP?
I am thinking of a script that parses a log, looks for repeated attempts from the same IP, and then calls a tool that drops the connection.

Does anyone have any ideas on this?

I successfully use fail2ban on production servers.  fail2ban can be
configured to recognize failed login attempts for many services.  If a
certain number of attempts is reached, the IP can be banned using
iptables or TCP wrappers.

Cheers
-- 
Giuseppe Fuggiano
Linux user #483710
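
Added example, not part of the original message and not fail2ban's own code: a sketch of the log-parsing step discussed in this thread, counting failed logins per source address in a sliding window and building (not running) the matching iptables rules. It assumes OpenSSH's "Failed password" syslog format and IPv4; the function names, the sample log and the thresholds (modelled on fail2ban's maxretry and findtime options) are hypothetical.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sshd log lines (sample data, not taken from the thread).
SAMPLE_LOG = """\
May 15 23:01:02 dmz sshd[411]: Failed password for root from 203.0.113.7 port 40112 ssh2
May 15 23:01:05 dmz sshd[411]: Failed password for root from 203.0.113.7 port 40113 ssh2
May 15 23:01:09 dmz sshd[412]: Failed password for invalid user admin from 203.0.113.7 port 40114 ssh2
May 15 23:02:00 dmz sshd[413]: Failed password for bob from 198.51.100.4 port 51000 ssh2
May 15 23:20:00 dmz sshd[414]: Failed password for bob from 198.51.100.4 port 51001 ssh2
May 15 23:40:00 dmz sshd[415]: Failed password for bob from 198.51.100.4 port 51002 ssh2
May 15 23:41:00 dmz sshd[416]: Failed password for invalid user x from 192.0.2.9 port 1 ssh2 from 203.0.113.50 port 2 ssh2
May 15 23:41:30 dmz sshd[417]: Accepted password for alice from 192.0.2.10 port 52000 ssh2
"""

# User names are attacker-controlled: the pattern is anchored at both ends and
# the greedy ".*" makes the captured address the last one, the one sshd wrote.
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: Failed password for "
    r"(?:invalid user )?.* from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+ ssh2$"
)

def find_offenders(lines, max_retry=3, find_time=timedelta(minutes=10), allowlist=(), year=2009):
    """Return IPs with max_retry failures inside find_time, in detection order.
    syslog timestamps carry no year, so `year` is an assumption of this sketch."""
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    offenders = []
    for line in lines:
        m = FAILED.match(line)
        if not m or m["ip"] in allowlist:
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        window = recent[m["ip"]]
        window.append(ts)
        while ts - window[0] > find_time:   # expire attempts older than the window
            window.popleft()
        if len(window) >= max_retry and m["ip"] not in offenders:
            offenders.append(m["ip"])
    return offenders

def ban_commands(ips, port=22):
    """Build (not run) one iptables DROP rule per offender, as argv lists."""
    return [["iptables", "-I", "INPUT", "-s", ip, "-p", "tcp",
             "--dport", str(port), "-j", "DROP"] for ip in ips]

if __name__ == "__main__":
    for argv in ban_commands(find_offenders(SAMPLE_LOG.splitlines())):
        print(" ".join(argv))
```

The allowlist parameter is there so that management or monitoring addresses are never banned by their own failed logins.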
