Penetration Testing mailing list archives

Re: Scriptable defense question

From: scott <redhowlingwolves () nc rr com>
Date: Thu, 14 May 2009 16:08:15 -0400

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Christian Eric Edjenguele wrote:


if you are able to parse the log, if your loggin in xml for example you
can use a sax parser or whatever you prefer, then call iptables to
filter connection to the host. iptables is powerful and very scriptable.

cheers

Fred H wrote:

Hi All,

here is a scenario that has come up.
Lets says there is a generic server that is on a dmz, and there are
many password attempts on the server.  Is there a tool that would
allow for a tcp reset, or connection drop , or possible bar future
sessions from that IP?
I am thinking of a script that parses a log, looks for repeated
attempts from the same IP, and then calls a tool that drops the
connection.

Does anyone have any ideas on this?
 Fred Hamilton
Information Security Analyst 2
Financial Sector



     

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review
Board

Prove to peers and potential employers without a doubt that you can
actually do a proper penetration test. IACRB CPT and CEPT certs
require a full practical examination in order to become certified.
http://www.iacertification.org
------------------------------------------------------------------------


If you are running a *nix, try psad.

Scott
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkoMeicACgkQFQICCHwe04JqaACguxQ5ILHAY5gXJ2dFoF5ixfqn
1ZAAniJaJR4btp7WKmnh5fSGpT5axqOn
=5YYe
-----END PGP SIGNATURE-----

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified. 

http://www.iacertification.org
------------------------------------------------------------------------

Current thread:

Scriptable defense question Fred H (May 14)
- Re: Scriptable defense question Christian Eric Edjenguele (May 14)
  - Re: Scriptable defense question scott (May 14)
    - RE: Scriptable defense question David_Falloon (May 15)
- RE: Scriptable defense question Gostomelsky, Vladislav (May 14)
- Re: Scriptable defense question Jeffrey Walton (May 14)
- Re: Scriptable defense question Christopher (May 14)
- Re: Scriptable defense question Kurt Buff (May 14)
- RE: Scriptable defense question Jeremi Gosney (May 15)
- Re: Scriptable defense question R. DuFresne (May 15)
- Re: Scriptable defense question Giuseppe Fuggiano (May 15)