You might want to take a look at Psionic's stuff at http://www.psionic.com
Their Abacus suite is pretty sweet (: and it is extremely configurable. Portsentry, Hostsentry and Logchecker are the three items.

HTH,
Geordon
>>>>>>>>>>>> Original Message <<<<<<<<<<<<<<<<<<
On 10/18/00, 9:33:40 AM, "OKDesign oHG Security Webmaster"

Hi folks,

over the last months we learned that lots of idiots outside on the net are systematically looking for ftp-servers allowing anonymous access. I say systematically, because our logs show as many access-tries as IPs are served by our system. If this would happen once or twice, well, nothing to worry about. But this happens nearly once (sometimes twice) in 3 days. Besides the traffic generated by this (and this is traffic we have to pay for) I'm not really amused by it, because maybe they are checking which ftp-server is running and then try to get into the system by using some security-hole(s).

These are the facts. Now my question: Is there any way to prevent this? Maybe by a program that checks the source-IP of accesses and denies any more accesses to the system at all originating from this IP for maybe 30 minutes or something similar. So these people won't get any more responses from the system for some time. Is there any script/program able to do this? Or is there any other program that prevents those ftpd-scans using any other method? Any help would be greatly appreciated.
Oh, BTW, I'm also looking for some tool which outputs the whole traffic for all IPs within a defined range for some period of time (daily or something). All these IPs are served by the same system (virtual NICs). I already took a look at the programs that came with SuSE 7.0, but couldn't find anything. Any ideas, URLs, or something?
Thanks in advance.
--- Stephan
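The behaviour asked for in the original message (notice a source that sweeps port 21 across the served IPs, then ignore it for 30 minutes) can be sketched as follows. This is an added example, not part of the thread and not code from Psionic's tools. The log format, the 60-second window and the threshold of 3 distinct local IPs are assumptions, and the sample lines are constructed. It only computes allow/deny decisions; handing them to a packet filter is left out.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log: timestamp, source IP, local (virtual) IP hit on port 21.
SAMPLE_LOG = """\
2000-10-18 09:30:01 src=203.0.113.7 dst=192.0.2.10 port=21
2000-10-18 09:30:02 src=203.0.113.7 dst=192.0.2.11 port=21
2000-10-18 09:30:02 src=198.51.100.4 dst=192.0.2.10 port=21
2000-10-18 09:30:03 src=203.0.113.7 dst=192.0.2.12 port=21
2000-10-18 09:30:04 src=203.0.113.7 dst=192.0.2.13 port=21
2000-10-18 09:45:00 src=203.0.113.7 dst=192.0.2.10 port=21
2000-10-18 10:05:00 src=203.0.113.7 dst=192.0.2.10 port=21
"""

WINDOW = timedelta(seconds=60)   # assumed: how far back distinct targets are counted
THRESHOLD = 3                    # assumed: distinct local IPs that mark a sweep
BAN = timedelta(minutes=30)      # block duration asked for in the post

def parse(line):
    date, clock, *fields = line.split()
    kv = dict(f.split("=", 1) for f in fields)
    ts = datetime.strptime(f"{date} {clock}", "%Y-%m-%d %H:%M:%S")
    return ts, kv["src"], kv["dst"]

def evaluate(log_text):
    """Return (decisions, ban_log): a verdict per log line and every ban issued."""
    recent = defaultdict(deque)  # src -> (time, dst) pairs still inside WINDOW
    active = {}                  # src -> ban expiry
    decisions, ban_log = [], []
    for line in filter(str.strip, log_text.splitlines()):
        ts, src, dst = parse(line)
        if src in active and ts < active[src]:
            decisions.append((src, "deny"))      # still banned: no response at all
            continue
        active.pop(src, None)                    # ban (if any) has expired
        seen = recent[src]
        seen.append((ts, dst))
        while ts - seen[0][0] > WINDOW:          # drop contacts older than WINDOW
            seen.popleft()
        if len({d for _, d in seen}) >= THRESHOLD:
            active[src] = ts + BAN               # sweep detected: start the ban
            ban_log.append((src, ts, active[src]))
            seen.clear()
            decisions.append((src, "deny"))
        else:
            decisions.append((src, "allow"))
    return decisions, ban_log
```

A single visitor to one FTP server never reaches the threshold, while a source walking the virtual IPs is cut off at its third target and admitted again once the 30 minutes have passed.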