Nicolas Blais wrote:
Hi,

Whenever someone tries a portscan or HTTP server vulnerability scan on my system, I have to manually add their IP in my /etc/ipfw.conf file such as:
add 100 deny all from xx.xxx.xxx.xxx to any

Is there a way, without enabling blackhole, to dynamically add IPs to my blacklist after a certain packet/sec limit or some other way?

Thanks,
Nicolas.

Portsentry is probably your best bet. It is probably the easiest effective security tool I have used for doing things of this nature. It will detect port scanning and utilize TCP wrappers to block the offending IP. Installation is a breeze, it's in the security section of ports!

_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
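
The detect-then-block idea discussed in this thread, as an added example that is not part of the original messages and is not Portsentry's code: it reads ipfw deny-log lines, flags any source that was denied on several distinct ports, and emits rules in the same form as the one quoted in the question. Assumptions: logging is enabled on a deny rule, the log lines follow the format of the constructed samples below, and the threshold counts distinct ports rather than packets per second; the function names and the allowlist are hypothetical.

```python
import ipaddress
import re
from collections import defaultdict

# Assumed ipfw log format: "ipfw: <rule> Deny TCP <src>:<sport> <dst>:<dport> in via <if>"
LINE_RE = re.compile(
    r"ipfw: \d+ Deny (?:TCP|UDP) (?P<src>\d{1,3}(?:\.\d{1,3}){3}):\d+ "
    r"\d{1,3}(?:\.\d{1,3}){3}:(?P<dport>\d+) in\b"
)

def _line(src, dport):
    """Build one constructed sample log line."""
    return (f"Mar  3 10:00:01 gw kernel: ipfw: 65000 Deny TCP "
            f"{src}:40112 198.51.100.10:{dport} in via em0")

# Constructed sample input (documentation address ranges only).
SAMPLE_LOG = "\n".join(
    [_line("203.0.113.7", p) for p in (21, 22, 23, 25, 80, 110)]   # scanner
    + [_line("198.51.100.23", 22)] * 3                              # one port, repeated
    + [_line("192.0.2.50", p) for p in (22, 80, 443, 3306, 8080)]   # own monitoring host
    + [_line("999.0.113.7", p) for p in (1, 2, 3, 4, 5)]            # malformed source
)

def scanners(log_text, port_threshold=5, allowlist=()):
    """Return sources denied on at least port_threshold distinct ports."""
    ports = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        try:
            src = ipaddress.ip_address(m.group("src"))
        except ValueError:
            continue  # never let unparsed log text reach a firewall rule
        ports[src].add(int(m.group("dport")))
    allowed = [ipaddress.ip_network(n) for n in allowlist]
    return sorted(
        ip for ip, seen in ports.items()
        if len(seen) >= port_threshold and not any(ip in net for net in allowed)
    )

def deny_rules(ips, rule_number=100):
    """Format rules like the /etc/ipfw.conf line quoted in the question."""
    return [f"add {rule_number} deny all from {ip} to any" for ip in ips]

if __name__ == "__main__":
    for rule in deny_rules(scanners(SAMPLE_LOG, allowlist=["192.0.2.0/24"])):
        print(rule)
```

The allowlist matters because anything that blocks automatically can be made to block your own hosts; review the generated rules before loading them.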