[CentOS] Re: Software to monitor security logs and email ISPs?

Bryan J. Smith b.j.smith at ieee.org
Tue Jul 26 15:28:41 UTC 2005


Preston Crawford <me at prestoncrawford.com> wrote:
> I have a firewall router

<OT-Comment>
Is it a "Router" or a "Ritter"?
http://thebs413.blogspot.com/2005/07/ritters-because-most-natpat-devices.html
</OT-Comment>

> and I run a firewall on CentOS as well.

Does either have an intrusion detection system (IDS) or some
other form of real-time packet and/or non-real-time log
analysis?

> I guess it's one of those things where I'm sick of seeing it
> come up in my security log, so I'd like to start sending
> email to the ISPs to tell them to do their job and enforce
> their rules for all the Windoze users out there.

Well, most ISPs already have thin margins to work on.  But
yes, the larger providers should be contacted, especially
when a major block of theirs is infected.

> But I don't want to take the time to do it manually. Any
> suggestions?

I already saw someone mention DShield.ORG, which seems to be
the most popular right now.

On more corporate networks with unused IPs, I like to use
various port fakers that accept a SYN, but don't accept their
ACK.  That keeps the zombies tied up and busy, exponentially
reducing the number of hosts they can attack.


-- 
Bryan J. Smith                 mailto:b.j.smith at ieee.org
Sent from Yahoo Mail (please excuse any missing headers)
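Automating the log-to-report step Preston asks about, as an added example that is not from the list post or any tool mentioned in it: the script parses lines in the standard iptables LOG target format, aggregates dropped packets per source address, and builds a report body for each source that crosses a threshold. The sample log lines are constructed, and looking up the ISP's abuse contact (a whois query) is assumed to happen outside this script.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines in the iptables LOG target format (addresses from documentation ranges).
SAMPLE_LOG = """\
Jul 26 15:01:02 fw kernel: DROP IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.5 PROTO=TCP SPT=3312 DPT=445
Jul 26 15:01:03 fw kernel: DROP IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.5 PROTO=TCP SPT=3313 DPT=135
Jul 26 15:02:00 fw kernel: DROP IN=eth0 OUT= SRC=192.0.2.44 DST=203.0.113.5 PROTO=UDP SPT=1434 DPT=1434
Jul 26 15:02:30 fw kernel: DROP IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.5 PROTO=TCP SPT=3315 DPT=445
Jul 26 15:03:00 fw kernel: ACCEPT IN=eth0 OUT= SRC=192.0.2.9 DST=203.0.113.5 PROTO=TCP SPT=40000 DPT=22
Jul 26 15:03:05 fw kernel: DROP IN=eth0 OUT= SRC=192.0.2.44 DST=203.0.113.5 PROTO=ICMP TYPE=8 CODE=0
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ [\d:]+) \S+ kernel: (?P<action>\w+) .*?"
    r"\bSRC=(?P<src>[\d.]+) .*?\bPROTO=(?P<proto>\w+)(?: .*?\bDPT=(?P<dpt>\d+))?"
)

def parse_line(line):
    """Return the fields of a recognised firewall log line, or None for anything else."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None

def aggregate(log_text, action="DROP"):
    """Group packets with the given verdict by source: hit count, first/last seen, services targeted."""
    summary = defaultdict(lambda: {"hits": 0, "first": None, "last": None, "services": Counter()})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["action"] != action:
            continue  # unrelated syslog line, or a verdict we are not reporting on
        entry = summary[rec["src"]]
        entry["hits"] += 1
        entry["first"] = entry["first"] or rec["ts"]
        entry["last"] = rec["ts"]
        # ICMP and other port-less protocols have no DPT, so key them by protocol alone
        entry["services"][rec["proto"] + (f"/{rec['dpt']}" if rec["dpt"] else "")] += 1
    return dict(summary)

def reportable(summary, threshold=3):
    """Sources with at least `threshold` drops, busiest first: the ones worth an abuse report."""
    return sorted((s for s, e in summary.items() if e["hits"] >= threshold),
                  key=lambda s: -summary[s]["hits"])

def format_report(src, entry):
    """Plain-text body for the network's abuse contact (finding that contact needs a whois query, omitted here)."""
    services = ", ".join(f"{svc} x{n}" for svc, n in entry["services"].most_common())
    return (f"Source {src}: {entry['hits']} dropped packets between {entry['first']} and {entry['last']}\n"
            f"Targeted services: {services}\n")
```

Feed `aggregate()` the output of `grep kernel: /var/log/messages` (or wherever the LOG target writes), then call `format_report()` for each address returned by `reportable()`; the threshold keeps one stray probe from generating a complaint.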


