Penetration Testing mailing list archives
RE: Scriptable defense question
From: <David_Falloon () kaltire com>
Date: Thu, 14 May 2009 16:53:58 -0700
You could also use OSSEC ( www.ossec.net ). --D
-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of scott
Sent: Thursday, May 14, 2009 1:08 PM
To: pen-test () securityfocus com
Subject: Re: Scriptable defense question

Christian Eric Edjenguele wrote:
> if you are able to parse the log, if you're logging in xml for example you can use a sax parser or whatever you prefer, then call iptables to filter connection to the host. iptables is powerful and very scriptable.
>
> cheers
>
> Fred H wrote:
>> Hi All, here is a scenario that has come up.
>>
>> Let's say there is a generic server that is on a dmz, and there are many password attempts on the server. Is there a tool that would allow for a tcp reset, or connection drop, or possibly bar future sessions from that IP?
>>
>> I am thinking of a script that parses a log, looks for repeated attempts from the same IP, and then calls a tool that drops the connection.
>>
>> Does anyone have any ideas on this?
>>
>> Fred Hamilton
>> Information Security Analyst 2
>> Financial Sector
>>
>> ------------------------------------------------------------------------
>> This list is sponsored by: Information Assurance Certification Review Board
>> Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.
>> http://www.iacertification.org
>> ------------------------------------------------------------------------

If you are running a *nix, try psad.

Scott
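The approach described in the quoted question (parse a log, look for repeated attempts from the same IP, then call a tool that drops the connection), as an added example that is not from any poster in this thread. The sshd-style log format, the threshold and window, the allowlisted address and the function names are all assumptions; the block only builds `iptables` argument lists and does not execute them.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from ipaddress import IPv4Address

# Assumed sshd syslog format. The username is attacker-controlled and may contain
# "from <ip>", so the pattern is anchored and only the trailing address is used.
FAILED = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
                    r"Failed password for .* from (\S+) port \d+ ssh2$")

def offenders(lines, threshold=3, window=timedelta(minutes=5),
              allowlist=("192.0.2.10",), year=2009):
    """Return source IPs with >= threshold failures inside one sliding window."""
    recent, flagged = defaultdict(deque), []
    for line in lines:
        m = FAILED.match(line.strip())
        if not m:
            continue
        try:
            ip = str(IPv4Address(m.group(2)))  # IPv4 only: iptables is IPv4
        except ValueError:
            continue  # not an address, never pass it to the firewall
        if ip in allowlist or ip in flagged:
            continue  # never lock out admin hosts; report each IP once
        # syslog timestamps carry no year, so one is assumed
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:  # drop failures older than the window
            q.popleft()
        if len(q) >= threshold:
            flagged.append(ip)
    return flagged

def block_commands(ips):
    """Build iptables argv lists (no shell string); the caller decides to run them."""
    return [["iptables", "-I", "INPUT", "-s", ip, "-j", "DROP"] for ip in ips]

# Constructed sample: the last three lines carry a username forged to look
# like a failure from the allowlisted admin host 192.0.2.10.
SAMPLE_LOG = """\
May 14 13:01:02 dmz1 sshd[411]: Failed password for root from 203.0.113.7 port 4101 ssh2
May 14 13:01:09 dmz1 sshd[412]: Failed password for root from 203.0.113.7 port 4102 ssh2
May 14 13:01:15 dmz1 sshd[413]: Failed password for admin from 203.0.113.7 port 4103 ssh2
May 14 13:02:00 dmz1 sshd[420]: Failed password for invalid user x from 192.0.2.10 port 22 ssh2 from 198.51.100.9 port 5000 ssh2
May 14 13:02:05 dmz1 sshd[421]: Failed password for invalid user x from 192.0.2.10 port 22 ssh2 from 198.51.100.9 port 5001 ssh2
May 14 13:02:11 dmz1 sshd[422]: Failed password for invalid user x from 192.0.2.10 port 22 ssh2 from 198.51.100.9 port 5002 ssh2
"""

if __name__ == "__main__":
    for argv in block_commands(offenders(SAMPLE_LOG.splitlines())):
        print(" ".join(argv))
```

A blocker like this is itself an attack surface: without the anchored pattern and the allowlist, anyone who can write text into the log can get an address of their choosing firewalled.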