Hardening FC3 webserver against intruders
Mike Klinke
lsomike at futzin.com
Thu Feb 3 14:30:04 UTC 2005
On Thursday 03 February 2005 07:08, Bob Brennan wrote:
>
> My question is - is there anything I can set up to shut down the
> repeated attempts from the same (different every day) IP? The
> obvious choice would be to deny connections to IP address a.b.c.d
> after x number of failed login attempts for y period of time,
> where I would set x=3 and y=10 minutes.
>
> Basically I'm looking for toad-proofing.
> Is there such a thing and where would I look for it?
>
> Thanks in advance,
> bob
You might want to take a look at "snort": www.snort.org. It's an
intrusion detection system that has the ability to reject/drop
connections based on packet rules. Two features named FLEXRESP and
INLINE may help you.
If you are using ftp via xinetd you can also use the SENSOR function
to block various IP addresses if they are scanning other ports too.
See http://www.web-insights.net/xinetd/xinetd-sensors.html for a
description of this technique.
Regards, Mike Klinke
More information about the users
mailing list