On Wed, 23 Jul 2008 10:10:14 +1000, Les Bell wrote
> Scott Silva <ssilva at sgvwater.com> wrote:
>
> >>
> > Portsentry is still available on sourceforge I believe.
> <<
>
> Good call - http://sourceforge.net/projects/sentrytools/ shows they were
> uploaded back in 2003 and it looks like nothing has happened since then.
> There must be more modern equivalents, surely?

I wrote a Perl daemon that I use to tail service log files. Initially it was a Postfix log scanner that looked for unknown address attempts, relay attempts, and honey pot email addresses that I embedded in my web pages. When any of these hits turned up in the mail log, the sender's IP was added to the iptables rules. My goal was to cut down on spam. It helped some, but not enough to call it a complete success. But it's very modular.

I started having some problems with brute force ftp attacks. Very annoying, kept filling up the log files (and my log partition) with chaff. So I wrote another module for my daemon to scan the ftp logs as well and firewall any IP that failed to log in after 10 tries (a 3 hour time out). This was very successful and now ftp crack attacks are a thing of the past.

I've never had ssh problems. My ssh port rules limited it to a few known IP addresses that I may need remote access from. But my Perl daemon could be easily expanded with another module to scan for ssh attacks. Provided you've got some Perl experience and time to hack (I'm hog-tied for the next while).

Scott

--
Registered Linux user #395249, http://counter.li.org
Nothing goes to waste when Little Fish are near! (http://www.littlefish.ca)
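As an added illustration of the kind of log-scanning module Scott describes (this is example code written for this page, not his daemon), the Perl script below tails an FTP log, counts failed logins per client IP and, once an IP reaches 10 failures, inserts an iptables DROP rule that is removed again after 3 hours. The log line format, the host names and the addresses in the demo are constructed for the example; the regex in `failed_login_ip` is the one piece you would adapt to your own FTP daemon's log. With `$DRY_RUN` set, the iptables commands are printed rather than executed.

```perl
#!/usr/bin/perl
# Example log-scanner module (not the original poster's daemon).
# Tails an FTP log, counts failed logins per client IP and firewalls an IP
# after $THRESHOLD failures; the block expires after $BLOCK_SECS seconds.
use strict;
use warnings;

my $THRESHOLD  = 10;        # failed logins before blocking (as in the post)
my $BLOCK_SECS = 3 * 3600;  # 3-hour timeout (as in the post)
my $DRY_RUN    = 1;         # 1 = print iptables commands, 0 = run them as root

my %failures;   # ip => failed logins seen since the last block
my %blocked;    # ip => epoch time at which the DROP rule should be removed

# Return the client IP if the line records a failed login, else undef.
# The line format "FAIL LOGIN: Client "1.2.3.4"" is constructed for this
# example; change this regex to match your own FTP daemon's log.
sub failed_login_ip {
    my ($line) = @_;
    return $line =~ /FAIL LOGIN: Client "(\d{1,3}(?:\.\d{1,3}){3})"/ ? $1 : undef;
}

# Run (or, in dry-run mode, print) one iptables command.
sub run_iptables {
    my (@args) = @_;
    if ($DRY_RUN) { print "iptables @args\n"; return; }
    system('iptables', @args) == 0 or warn "iptables @args failed: $?";
}

# Insert a DROP rule for $ip and remember when it should expire.
sub block_ip {
    my ($ip, $now) = @_;
    run_iptables('-I', 'INPUT', '-s', $ip, '-j', 'DROP');
    $blocked{$ip} = $now + $BLOCK_SECS;
    delete $failures{$ip};   # start counting afresh once the block lifts
}

# Remove rules whose timeout has passed; call this on every loop iteration.
sub expire_blocks {
    my ($now) = @_;
    for my $ip (keys %blocked) {
        next if $blocked{$ip} > $now;
        run_iptables('-D', 'INPUT', '-s', $ip, '-j', 'DROP');
        delete $blocked{$ip};
    }
}

# Process one log line; returns the IP if this line triggered a block.
sub handle_line {
    my ($line, $now) = @_;
    my $ip = failed_login_ip($line) or return;
    return if exists $blocked{$ip};          # already firewalled, nothing to do
    return if ++$failures{$ip} < $THRESHOLD; # not yet at the limit
    block_ip($ip, $now);
    return $ip;
}

my $logfile = shift @ARGV;
if (defined $logfile) {
    # Daemon mode: follow the log file (tail -F survives log rotation).
    open(my $fh, '-|', 'tail', '-n0', '-F', $logfile) or die "cannot tail $logfile: $!";
    while (my $line = <$fh>) {
        my $now = time;
        expire_blocks($now);
        handle_line($line, $now);
    }
} else {
    # Demo on constructed log lines: ten failures from one host, one failure
    # plus a successful login from another. Only the first host gets blocked.
    my @sample = (
        (map { "Jul 23 10:1$_:00 fw ftpd[4242]: FAIL LOGIN: Client \"203.0.113.9\"" } 0 .. 9),
        "Jul 23 10:20:00 fw ftpd[4242]: FAIL LOGIN: Client \"198.51.100.7\"",
        "Jul 23 10:20:05 fw ftpd[4242]: OK LOGIN: Client \"198.51.100.7\"",
    );
    my $now = time;
    for my $line (@sample) {
        my $ip = handle_line($line, $now);
        print "blocked $ip after $THRESHOLD failures\n" if $ip;
    }
    expire_blocks($now + $BLOCK_SECS);   # pretend 3 hours have passed
}
```

Run it as `perl ftpwatch.pl /var/log/ftpd.log` (the path is a placeholder) under a supervisor such as a systemd unit or daemontools so the tail survives restarts, and set `$DRY_RUN = 0` only once you have confirmed the printed rules look right. Two things worth adding for real use: persist `%blocked` to disk so a daemon restart does not leave stale DROP rules in place with no expiry, and whitelist your own management addresses before the counting logic so a typo in your own password can never lock you out.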