on 6-6-2008 4:28 PM Ruslan Sivak spake the following: > Dennis McLeod wrote: >> They basically detect port >>> scans and add a firewall rule to temporarily block that ip. Does >>> anyone know what tool that is? >>> >>> Also disabling remote login as root should help. >>> >>> Russ >>> >> >> >> Fail2ban, is what you are looking for, I think.... >> >> http://www.fail2ban.org/wiki/index.php/Main_Page >> >> Dennis >> >> ____________________________________________ >> > > Sweet, actually this looks more like what I wanted, but rackspace said > wasn't available. This bans the ips if there are a lot of password > failures. > > There is also another tool which bans ips for port scans. I think it's > been discontinued, but perhaps there is another one out there? > > Russ I think that was portsentry. http://sourceforge.net/projects/sentrytools/ -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 258 bytes Desc: OpenPGP digital signature URL: <http://lists.centos.org/pipermail/centos/attachments/20080606/951bcb20/attachment-0005.sig>