>In other words, anyone hitting those ports that are not being used at all
>except by our sniff protector, would allow instant banning.
>
>So...does something like this exist?

I don't know of a program that specifically listens to defined ports and acts on that, but fail2ban would accomplish the end result adequately.

jlc
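One way the fail2ban approach named in the reply could be set up, as an added example that is not part of the original message: a firewall LOG rule on the unused ports feeds a jail that bans on the first hit. The port list, the `TRAP-PORT: ` log prefix, the `trap-ports` jail and filter name, the log path and the ignored networks are all assumptions chosen for illustration.

```ini
# --- Firewall side (run once as root; shown as a comment because it is a
# --- shell command, not fail2ban configuration). It logs every TCP
# --- connection attempt to ports that nothing on this host uses.
# --- Ports 23, 135 and 3389 are assumed to be unused here.
#
#   iptables -A INPUT -p tcp -m multiport --dports 23,135,3389 \
#            -j LOG --log-prefix "TRAP-PORT: "
#
# Resulting kernel log line (constructed sample):
#   Jan 12 10:00:01 gw kernel: TRAP-PORT: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=40112 DPT=23

# --- /etc/fail2ban/filter.d/trap-ports.conf ---
[Definition]
# Match only lines carrying our log prefix and capture the source address.
failregex = TRAP-PORT: .*\sSRC=<HOST>\s
ignoreregex =

# --- /etc/fail2ban/jail.local ---
[trap-ports]
enabled   = true
filter    = trap-ports
# Assumed location of kernel messages; adjust to where your syslog writes them.
logpath   = /var/log/kern.log
# A single hit on a trap port is enough to ban.
maxretry  = 1
findtime  = 600
# Ban for 24 hours.
bantime   = 86400
# Block the offender on every port, not just the trap ports.
banaction = iptables-allports
# Never ban loopback or the management network (assumed range).
ignoreip  = 127.0.0.1/8 192.0.2.0/24
```

Because a single SYN with a forged source address is enough to produce a log line, keep `ignoreip` populated with every address that must never be locked out, such as gateways, monitoring hosts and your own admin networks.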