[COLUG] snort does what?
Travis Sidelinger
travis at ilive4code.net
Tue Feb 13 04:59:47 EST 2007
Your experiences with snort could make a good colug presentation.
Thomas J. Noe wrote:
> On Sunday 11 February 2007 12:00, Vince Herried wrote:
>
>> I've peeked at the overview, doesn't help much.
>>
>>
>> Occasionally I like to open my ftp port for non-anonymous access.
>> The other day I had left it open for a few days and someone started beating
>> on it for several hours trying to guess a userid and password.
>>
>> Some time ago there was a thread here about ad hoc tools that would
>> block access by IP address (which seemed to me to be a wasted effort).
>>
>> Will something like snort or some other tool block
>> attempts by IP address? What I'm thinking is if they put the entry
>> in an easily accessible place (database) so one could purge the entries
>> after a week or month or ...
>>
>> My guess is that when the door slams shut quickly, the cracker will just
>> find another place to play.
>>
>> So the short of it...
>> a tool that will watch for attempts against ports 20,21,23,80
>> and selectively slam the door shut without creating a huge
>> file of every IP address in Korea,...
>>
>> Is that tool snort?
>>
>> I'll go back to reading about snort some more but I don't want to have to
>> learn yet another language and spend several dozen hours....
>>
>>
>
> The tool I use for this is DenyHosts. I use it specifically for port 22 (SSH),
> but you can use it for any port. It has a great number of configuration
> items, and it can also be set up to email you anytime it has blocked an
> address. I have found it to be VERY effective in mitigating attacks against
> my server.
>
>
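The expiring block list asked about in the quoted question, as an added example (not part of the original thread, and not how DenyHosts or snort is implemented): failed logins are counted per source address, and offenders are stored in SQLite with an expiry so old entries can be purged. The log layout, thresholds and function names are assumptions, the sample lines are constructed, and enforcing the list (firewall or hosts.deny) is left out.

```python
import re
import sqlite3
from datetime import datetime, timedelta

# Constructed sample lines in an assumed log layout (not taken from the thread).
SAMPLE_LOG = """\
2007-02-10 01:00:00 FAIL LOGIN user=root client=192.0.2.9
2007-02-10 02:00:00 FAIL LOGIN user=root client=192.0.2.9
2007-02-10 03:00:00 FAIL LOGIN user=root client=192.0.2.9
2007-02-10 03:14:01 FAIL LOGIN user=admin client=203.0.113.7
2007-02-10 03:14:09 FAIL LOGIN user=test client=203.0.113.7
2007-02-10 03:14:15 OK LOGIN user=vince client=198.51.100.20
2007-02-10 03:14:22 FAIL LOGIN user=guest client=203.0.113.7
2007-02-10 03:20:00 FAIL LOGIN user=vince client=198.51.100.20
"""
FAIL_RE = re.compile(r"^(\S+ \S+) FAIL LOGIN user=\S+ client=(\d{1,3}(?:\.\d{1,3}){3})$")
THRESHOLD = 3                    # failures inside WINDOW that trigger a block
WINDOW = timedelta(minutes=10)   # slow, occasional typos never reach the threshold
BLOCK_TTL = timedelta(days=7)    # entries expire instead of piling up forever

def open_db(path=":memory:"):
    db = sqlite3.connect(path)
    db.execute("CREATE TABLE IF NOT EXISTS blocked "
               "(ip TEXT PRIMARY KEY, blocked_at TEXT, expires_at TEXT)")
    return db

def scan(db, log_text):
    recent = {}  # ip -> failure timestamps still inside the sliding window
    for line in log_text.splitlines():
        m = FAIL_RE.match(line)
        if not m:
            continue  # successful logins and unrelated lines are ignored
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        ip = m.group(2)
        hits = [t for t in recent.get(ip, []) if ts - t <= WINDOW] + [ts]
        recent[ip] = hits
        if len(hits) >= THRESHOLD:  # repeat offenders get their expiry refreshed
            db.execute("INSERT OR REPLACE INTO blocked VALUES (?, ?, ?)",
                       (ip, ts.isoformat(), (ts + BLOCK_TTL).isoformat()))
    db.commit()

def purge(db, now):
    # ISO-8601 strings in one fixed format sort chronologically.
    cur = db.execute("DELETE FROM blocked WHERE expires_at <= ?", (now.isoformat(),))
    db.commit()
    return cur.rowcount  # number of expired entries removed

def blocked_ips(db):
    return [row[0] for row in db.execute("SELECT ip FROM blocked ORDER BY ip")]
```

Run `purge()` from a periodic job; only the address that failed three times within ten minutes is ever stored, so the table stays small.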