[COLUG] snort does what?

Thomas J. Noe tnoe at mailsnare.net
Tue Feb 13 00:50:33 EST 2007


On Sunday 11 February 2007 12:00, Vince Herried wrote:
> I've peeked at the overview, doesn't help much.
>
>
> Occasionally I like to open my ftp port for non-anonymous access.
> The other day I had left it open for a few days and someone started beating
> on it for several hours trying to guess a userid and password.
>
> Some time ago there was a thread here about ad hoc tools that would
> block access by IP address (which seemed to me to be a wasted effort).
>
> Will something like snort or some other tool block
> attempts by IP address? What I'm thinking is if they put the entry
> in an easily accessible place (database) so one could purge the entries
> after a week or month or ...
>
> My guess is that when the door slams shut quickly, the cracker will just
> find another place to play.
>
> So the short of it...
> a tool that will watch for attempts against ports 20,21,23,80
> and selectively slam the door shut without creating a huge
> file of every IP address in Korea,...
>
> Is that tool snort?
>
> I'll go back to reading about snort some more but I don't want to have to
> learn yet another language and spend several dozen hours....
>

The tool I use for this is DenyHosts. I use it specifically for port 22 (SSH), 
but you can use it for any port. It has a great number of configuration 
items, and it can also be set up to email you anytime it has blocked an 
address. I have found it to be VERY effective in mitigating attacks against 
my server.

-- 

Best wishes,
    Tom

E: tnoe AT mailsnare DOT net
B: tom.noe AT mycingular DOT blackberry DOT net
P: tomnoe AT cingularme DOT com

PGP keyID 0x938FFB9A
gpg --keyserver pgp.mit.edu --recv-keys 938FFB9A
MOTD: find / -name \*yourbase\* -exec chown us:us {} \;

------------------------------------------------
The information contained in this message is intended for anyone
who receives it, either intentionally or not. If the reader of this
message is tall, good looking, and has a moderately pleasant dis-
position in life, please feel free to contact me at your convenience.
You certainly haven't received this document in error. I really
couldn't care less if you review, disseminate, distribute, or copy
this message: it is actively encouraged. If you have received
this communication in error, especially if you fit the description
above, please notify me immediately, and make sure to include a
compromising photo of yourself in your reply.
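
The approach discussed in this thread (count repeated failed logins per source address, block the address, purge entries after a week), as an added Python example that is not part of the original post and is not DenyHosts' own code. The sshd log lines are constructed samples using documentation IP ranges; the threshold, window and ban length are assumed values.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample sshd auth-log lines (documentation IP ranges, not real hosts).
SAMPLE_LOG = """\
Feb 11 03:10:01 host sshd[811]: Failed password for invalid user admin from 203.0.113.5 port 4101 ssh2
Feb 11 03:10:04 host sshd[811]: Failed password for root from 203.0.113.5 port 4102 ssh2
Feb 11 03:10:09 host sshd[812]: Failed password for vince from 198.51.100.7 port 5520 ssh2
Feb 11 03:10:12 host sshd[811]: Failed password for invalid user test from 203.0.113.5 port 4103 ssh2
Feb 11 03:15:30 host sshd[820]: Accepted password for vince from 198.51.100.7 port 5521 ssh2
"""

FAILED = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: "
                    r"Failed password for (?:invalid user )?\S+ from (\d+\.\d+\.\d+\.\d+) ")

def find_blocks(log_text, year=2007, threshold=3,
                window=timedelta(minutes=10), ban_for=timedelta(days=7)):
    """Return {ip: ban_expiry} for IPs with >= threshold failures inside window."""
    recent = defaultdict(deque)   # ip -> timestamps of its recent failures
    bans = {}
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue              # successful logins and other lines are ignored
        # Syslog timestamps carry no year, so the caller supplies it.
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        ip = m.group(2)
        q = recent[ip]
        q.append(ts)
        while q and ts - q[0] > window:   # drop failures older than the window
            q.popleft()
        if len(q) >= threshold:
            bans[ip] = ts + ban_for       # ban runs from the latest failure
    return bans

def purge(bans, now):
    """Drop expired entries so the block list does not grow without bound."""
    return {ip: exp for ip, exp in bans.items() if exp > now}

if __name__ == "__main__":
    for ip, exp in find_blocks(SAMPLE_LOG).items():
        print(f"block {ip} until {exp:%Y-%m-%d %H:%M}")
```

A single mistyped password from a legitimate user (198.51.100.7 here) stays under the threshold and is never blocked.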

