At 03:01 AM 3/10/00, Wellington Terumi Uemura wrote:

>If we put a prog to check our systems (servers) like portsentry, iplogger 
>or whatever and create a script or program to filter these logs, grab the 
>attacker's IP, and auto-generate ipchains rules against the intruder???

Portsentry already does something like this.  You can tell it to drop route 
when it detects a scan and it will add a route from the attacker's IP to a 
valid, unused IP address you specify.  To the attacker, your Linux box 
suddenly disappeared because all his packets hit your server and then go to 
this unused IP (rather than back to the bad guy).  In many contexts this is 
a great idea.  Nothing is all gravy, however, and the portsentry docs quite 
clearly describe the potential for an attacker to use this feature and IP 
spoofing to cause your server to lose contact with other (innocent and 
perhaps vitally important) hosts.  So use with caution.  I don't think 
portsentry will modify ipchains but I could be wrong about that.


---
Alan D. Mead  /  Research Scientist  /  [EMAIL PROTECTED]
Institute for Personality and Ability Testing
1801 Woodfield Dr  /  Savoy IL 61874 USA
217-352-4739 (v)  /  217-352-9674 (f)
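
The spoofing risk described in the message above, handled in the kind of log-to-ipchains script the question asks about. This is an added example, not part of the original message and not portsentry's own code. The log line format, the `NEVER_BLOCK` addresses and the function name `build_rules` are assumptions made for illustration. It prints candidate rules for review rather than applying them.

```python
import ipaddress
import re

# Hosts/networks that must never be auto-blocked (assumed values: substitute
# your gateway, DNS servers and management hosts). A scan spoofed "from" one of
# these is exactly the lose-contact-with-innocent-hosts case.
NEVER_BLOCK = [ipaddress.ip_network(n) for n in
               ("127.0.0.0/8", "192.0.2.1/32", "198.51.100.0/24")]

# Assumed alert format for this example: "... attackalert: ... host: <name>/<ip> to TCP port: N"
ALERT_RE = re.compile(r"attackalert: .*host: [^/\s]+/(\S+) to (?:TCP|UDP) port")

def build_rules(log_lines, never_block=NEVER_BLOCK):
    """Return (rules, skipped): ipchains commands to review, and protected IPs refused."""
    rules, skipped, seen = [], [], set()
    for line in log_lines:
        m = ALERT_RE.search(line)
        if not m:
            continue
        try:
            ip = ipaddress.IPv4Address(m.group(1))
        except ValueError:
            continue  # not a valid address: never let raw log text reach a command line
        if ip in seen:
            continue  # one rule per source, however many alerts it produced
        seen.add(ip)
        if any(ip in net for net in never_block):
            skipped.append(str(ip))  # likely spoofed or misdetected: alert a human instead
            continue
        rules.append(f"ipchains -I input -s {ip} -j DENY -l")
    return rules, skipped

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    "Mar 10 03:00:01 host portsentry[412]: attackalert: Connect from host: scan.example/203.0.113.7 to TCP port: 111",
    "Mar 10 03:00:02 host portsentry[412]: attackalert: Connect from host: scan.example/203.0.113.7 to TCP port: 143",
    "Mar 10 03:00:03 host portsentry[412]: attackalert: Connect from host: gw.example/192.0.2.1 to TCP port: 23",
    "Mar 10 03:00:04 host portsentry[412]: attackalert: Connect from host: x/999.1.1.1;reboot to TCP port: 23",
    "Mar 10 03:00:05 host sshd[77]: unrelated line",
]

if __name__ == "__main__":
    rules, skipped = build_rules(SAMPLE_LOG)
    print("\n".join(rules))
    print("refused to block (protected):", ", ".join(skipped))
```
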

