by Chri » Wed, 09 Oct 2002 09:16:32
- this host try to open more than 10 connections in one hour to any available service.
- try to use pop-3/ftp and authentication fail more than 5 times.
- this host is source of icmp flooding/fragments
- use spoofed IP's
- try any other known-attack
Similar I would like that this host to be removed automatically after 1 to 7 days from the deny list.
Please help,
Thank you,
Chris
by George B. Magklara » Wed, 09 Oct 2002 21:33:54
> - this host try to open more than 10 connections in one hour to any available service.
> - try to use pop-3/ftp and authentication fail more than 5 times.
> - this host is source of icmp flooding/fragments
> - use spoofed IP's
> - try any other known-attack
> Similar I would like that this host to be removed automatically after 1 to 7 days from the deny list.
> Please help,
> Thank you,
> Chris
You are describing typical response requirements that can be initiated by Intrusion Detection Systems.
Commercial IDS systems (expensive) can provide a click and drag style for enforcing these rules but they
cost a lot.
Have a look at 'portsentry' instead. This tool can dynamically modify your firewall rules controlled by
the IPTABLES/IPCHAINS rules and when combined with a little bit of scripting (BASH, PERL) can do
wonders!
There are plenty of WWW documents that you could use as a starting point. Try
http://online.securityfocus.com/infocus/1580 for instance or have a look at the 'portsentry'
documentation.
Regards,
--
---
######################################
# George B. Magklaras #
# Computer Systems Administrator #
# ---- #
# The Biotechnology Centre of Oslo #
# Gaustadalleen 21 #
# P.O. BOX 1125, Blindern, N-0317 #
# Oslo, Norway #
# Tel: +47 - 22 84 05 35 #
# Fax: +47 - 22 84 05 01 #
######################################
Hello,
I need to have a dynamic firewall. Basically I need to be able
to open up a few ports to play some DirectX games through the internet
and not leave those ports open forever. My server is currently acting as
a fileserver, webserver and IPMASQing firewall. I just need to be able
to open up the DirectX internet gaming ports and then be able to close
them up once I am finished with playing the games that I wish to run. I
have read the ipchains man page and it is not very clear at how to open
up a handfull of ports for the network and then also close those ports
up again later. I do not mind if I need to bring my internet connection
down briefly in order to setup the new rules. I just need something that
is secure and able to to be dynamically altered based on my needs. Any
help will be greatly appreciated.
Thanks in advance,
Robert A. Adkins II
2. Second try: help on 4.4 pcic?
4. PAM Help
5. help: user and ipchains ( dynamic firewall )
7. Dynamic firewall for roamin access
8. Proble with telnet from win95 to linux
9. Dynamic firewall through masq?
10. a free software dynamic Firewall gateway for MICO & alike ?
11. Dynamic firewall
12. Stateful firewalls and dynamic routing question.
13. Firewall with Dynamic IP's??