Date: Mon, 05 Dec 2005 11:38:22 -0700 From: Ed Stover <estover@nativenerds.com> To: Nicolas Blais <nb_root@videotron.ca> Cc: freebsd-ipfw@freebsd.org Subject: Re: Automatically add attacks to deny list? Message-ID: <4394891E.2090400@nativenerds.com> In-Reply-To: <200510031816.26658.nb_root@videotron.ca> References: <200510031816.26658.nb_root@videotron.ca>
next in thread | previous in thread | raw e-mail | index | archive | help
Nicolas Blais wrote: > Hi, > > Whenever someone tries a portscan or http server vulnerability scan on my > system, I have to manually add their ip in my /etc/ipfw.conf file such as: > add 100 deny all from xx.xxx.xxx.xxx to any > > Is there a way, without enabling blackhole, to dynamically add ips to my > blacklist after a certain packet/sec limit or some other way? > > Thanks, > Nicolas. Portsentry is probably your best bet. It is probably the easiest effective security tool I have used for doing things of this nature. It will detect port scanning and utilize tcp wrappers to block that the offending IP. Installation is a breeze, it's in security section of ports!
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4394891E.2090400>