List Archive: gentoo-security
Philipp Kern wrote:
> On Tue, 2004-11-09 at 15:43, William Yang wrote:
>
>>There's an awful lot of "intrusion prevention" or "active response IDS"
>>[and insert your favorite en-vogue terminology] out there in the market,
>>and people buy it.
>
>
> Yes. But the software you mentioned doesn't block your own hosts as a
> simple shellscript would do. That's what the original poster wanted... a
> more or less ``simple'' script to parse /var/log/secure and block the
> IPs using iptables.

Uhm... I suppose I read the request a little less literally.  It seems
pretty clear -- at least to me -- that the original poster's idea is to
limit ssh port probing using the features of the kernel-level firewall.
"Simple" seems to be a somewhat relative term here. I take simple to
be "the smallest amount of logic needed to accomplish the goal with the
fewest adverse effects" rather than "the smallest amount of logic possible."
-Bill
--
William Yang
wyang@...
--
gentoo-security@g.o mailing list