Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Scriptable defense question

From: Christopher <c.boggs () gmail com>
Date: Thu, 14 May 2009 15:20:06 -0500
Take a look at OSSEC HIDS:  http://www.ossec.net

On Mon, May 11, 2009 at 12:13 PM, Fred H <sectester () yahoo com> wrote:


Hi All,

here is a scenario that has come up.
Lets says there is a generic server that is on a dmz, and there are many password attempts on the server.  Is there a 
tool that would allow for a tcp reset, or connection drop , or possible bar future sessions from that IP?
I am thinking of a script that parses a log, looks for repeated attempts from the same IP, and then calls a tool that 
drops the connection.

Does anyone have any ideas on this?

 Fred Hamilton
Information Security Analyst 2
Financial Sector






------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------



------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: