On 14/12/10 5:58 PM, Nathan Eisenberg wrote:
> Hi Ari,
>
> Sadly, that doesn't quite apply here. My customer has an IDS that can perform
> an API call when there are multiple failed-logons in a short period. What I
> want is for their Windows boxen to make their pfsense firewall block abusers by
> appending abusive IPs to an alias list, reloading the filter, and killing
> related connections in the state table.

My point is just that the mechanism is very similar. Fail2ban tails some log
and then injects deny rules into the firewall. Those people who are actually
running fail2ban on their servers could write a special action.d file to use
the API you are suggesting and cause it to ban people trying to hack an ftp
server just as well as from your special application.
The problem with this approach is always that you leave yourself open to a DoS.
Send some spoofed packets 'from' your best customer.
Ari
--
-------------------------->
Aristedes Maniatis
ish
http://www.ish.com.au
Level 1, 30 Wilson Street Newtown 2042 Australia
phone +61 2 9550 5001 fax +61 2 9550 4001
GPG fingerprint CBFB 84B4 738D 4E87 5E5C 5EFA EF6A 7D2E 3E49 102A
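
An added example, not part of the original message and not code from pfSense or fail2ban: one way the ban decision could guard against the spoofing DoS raised above before any IP is appended to the alias list. The networks, thresholds, event tuple format and the `established` flag (whether the IDS saw the failure on a completed TCP session) are assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict, deque

# Assumed policy values (hypothetical, not from the thread).
NEVER_BAN = [ipaddress.ip_network(n) for n in ("203.0.113.0/24", "10.0.0.0/8")]
MAX_FAILURES = 5      # failures tolerated inside WINDOW seconds
WINDOW = 60
BAN_SECONDS = 3600    # bans expire, so a mistaken ban heals itself


def is_protected(ip):
    """True if the address belongs to a network that must never be banned."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in NEVER_BAN)


def decide_bans(events):
    """events: iterable of (unix_time, source_ip, established).
    Returns {ip: ban_expiry_time} for addresses to append to the alias."""
    recent = defaultdict(deque)
    bans = {}
    for ts, ip, established in sorted(events):
        # A failure without a completed handshake may carry a forged
        # source address, so it never counts toward a ban.
        if not established or is_protected(ip):
            continue
        if bans.get(ip, 0) > ts:
            continue  # already banned, nothing more to decide
        q = recent[ip]
        q.append(ts)
        while q and q[0] <= ts - WINDOW:
            q.popleft()  # drop failures that fell out of the window
        if len(q) >= MAX_FAILURES:
            bans[ip] = ts + BAN_SECONDS
            q.clear()
    return bans


# Constructed sample events, not real log data.
SAMPLE = (
    [(1000 + i, "198.51.100.7", True) for i in range(6)]          # fast brute force
    + [(1000 + i, "203.0.113.10", True) for i in range(20)]       # protected customer
    + [(1000 + i, "192.0.2.55", False) for i in range(20)]        # no handshake seen
    + [(1000 + i * 30, "198.51.100.99", True) for i in range(6)]  # under the threshold
)
```

On the sample, only `198.51.100.7` ends up banned; the protected customer range and the source with no completed session are left alone.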