Penetration Testing mailing list archives
Re: Scriptable defense question
From: scott <redhowlingwolves () nc rr com>
Date: Thu, 14 May 2009 16:08:15 -0400
Christian Eric Edjenguele wrote:
> If you are able to parse the log, if you're logging in XML for example you can use a SAX parser or whatever you prefer, then call iptables to filter connections to the host. iptables is powerful and very scriptable.
>
> cheers
>
> Fred H wrote:
> > Hi All,
> >
> > Here is a scenario that has come up. Let's say there is a generic server that is on a DMZ, and there are many password attempts on the server. Is there a tool that would allow for a TCP reset, or connection drop, or possibly bar future sessions from that IP? I am thinking of a script that parses a log, looks for repeated attempts from the same IP, and then calls a tool that drops the connection.
> >
> > Does anyone have any ideas on this?
> >
> > Fred Hamilton
> > Information Security Analyst 2
> > Financial Sector
> >
> > ------------------------------------------------------------------------
> > This list is sponsored by: Information Assurance Certification Review Board
> > Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.
> > http://www.iacertification.org
> > ------------------------------------------------------------------------

If you are running a *nix, try psad.

Scott
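The approach asked about in this thread (parse the log, count repeated failures per source IP, hand the offenders to iptables), as an added example that is not code from any poster. It assumes OpenSSH-style syslog lines; the function names, threshold, window and allowlist are hypothetical, and the log lines are constructed.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in OpenSSH syslog format (documentation address ranges).
SAMPLE_LOG = """\
May 14 16:00:01 dmz1 sshd[811]: Failed password for root from 203.0.113.7 port 40112 ssh2
May 14 16:00:03 dmz1 sshd[811]: Failed password for invalid user admin from 203.0.113.7 port 40113 ssh2
May 14 16:00:04 dmz1 sshd[812]: Failed password for bob from 198.51.100.9 port 51000 ssh2
May 14 16:00:05 dmz1 sshd[811]: Failed password for root from 203.0.113.7 port 40114 ssh2
May 14 16:00:07 dmz1 sshd[814]: Failed password for root from 192.0.2.10 port 50023 ssh2
May 14 16:00:08 dmz1 sshd[814]: Failed password for root from 192.0.2.10 port 50024 ssh2
May 14 16:00:09 dmz1 sshd[814]: Failed password for root from 192.0.2.10 port 50025 ssh2
May 14 16:20:00 dmz1 sshd[815]: Failed password for bob from 198.51.100.9 port 51001 ssh2
May 14 16:40:00 dmz1 sshd[816]: Failed password for bob from 198.51.100.9 port 51002 ssh2
"""

# Greedy user field + "$": the address captured is the one sshd appends last.
FAILED = re.compile(r"^(\w{3} +\d+ [\d:]{8}) \S+ sshd\[\d+\]: Failed password "
                    r"for (?:invalid user )?.* from (\S+) port \d+ ssh2$")

def find_offenders(log_text, threshold=3, window=timedelta(minutes=10),
                   allowlist=("192.0.2.0/24",), year=2009):
    """Return IPs with >= threshold failures inside any sliding window."""
    trusted = [ipaddress.ip_network(n) for n in allowlist]
    recent = defaultdict(deque)   # ip -> timestamps of recent failures
    offenders = []
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group(2))  # rejects anything not an IP
        except ValueError:
            continue
        if any(ip in net for net in trusted):
            continue   # never lock out management addresses
        when = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        hits = recent[ip]
        hits.append(when)
        while when - hits[0] > window:
            hits.popleft()   # forget failures older than the window
        if len(hits) >= threshold and str(ip) not in offenders:
            offenders.append(str(ip))
    return offenders

def block_commands(ips):  # argv lists (no shell): one DROP rule per offender
    return [["iptables", "-I", "INPUT", "-s", ip, "-j", "DROP"] for ip in ips]
```

Each list returned by `block_commands` can be passed to `subprocess.run` as root after review; syslog timestamps carry no year, so `year` is supplied by the caller.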
Current thread:
- Scriptable defense question Fred H (May 14)
- Re: Scriptable defense question Christian Eric Edjenguele (May 14)
- Re: Scriptable defense question scott (May 14)
- RE: Scriptable defense question David_Falloon (May 15)
- Re: Scriptable defense question scott (May 14)
- RE: Scriptable defense question Gostomelsky, Vladislav (May 14)
- Re: Scriptable defense question Jeffrey Walton (May 14)
- Re: Scriptable defense question Christopher (May 14)
- Re: Scriptable defense question Kurt Buff (May 14)
- RE: Scriptable defense question Jeremi Gosney (May 15)
- Re: Scriptable defense question R. DuFresne (May 15)
- Re: Scriptable defense question Giuseppe Fuggiano (May 15)
- Re: Scriptable defense question Christian Eric Edjenguele (May 14)