[CentOS] Program to ban sniffers

Bob Hoffman bob at bobhoffman.com
Sun Jun 21 00:35:00 UTC 2009


So I have been reading the ssh attack thread and finally want to ask about
something.

I doubt there is a program like this, but I would love to have a program
that listens at common ports that I do not use at all...and only allow that
program to listen to it, especially the usual ssh port (using a different
one for real ssh)...

That program would then, upon receiving a 'sniff' or 'user' would then add
that ip to the deny hosts lists..for either a long or short time.

Using this would seem like a win as you can easily grab someone before they
can get somewhere one hopes.
Also, by opening up a few other ports that are unusual like 8561....well, if
someone sniffs that it could be a 3 day ban or a month...

In other words, anyone hitting those ports that are not being used at all
except by our sniff protector, would allow instant banning.

So...does something like this exist?




More information about the CentOS mailing list