-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 David Allen wrote: > Over the last few weeks I've been getting numerous ports scans, each from > unique hosts. The situation is more of an annoyance than anything else, > but I would prefer not seeing or having to deal with an extra 20-30K > entries in my logs as was the case recently. > > I use pf for firewalling, and while it does offer different methods > (max-src-conn, max-src-conn-rate, etc.) for dealing with abusive hosts, it > doesn't seem to offer much in the way of dealing with repeated blocked > (non-stateful) connection attempts from a given host. > > Short of running something like snort, is there a suitable tool for > dealing with this? If not, I'll probably resort to running a cronjob to > parse the logfile and add the offending hosts manually.
Hi David, You might want to try security/portsentry from the ports tree. It's a bit dated, and it has no maintainer at the moment, but a cursory glance at it tells me it might work for you. It supports pf for blocking connections once your trigger conditions are met. Hope that helps, Greg - -- Greg Larkin http://www.FreeBSD.org/ - The Power To Serve http://www.sourcehosting.net/ - Ready. Set. Code. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFI19Q00sRouByUApARAskrAJ9kY4inBSR/VmYvXHgV1iw0mfc6HwCglxsE FNlFennVqnulX2EB5PzSw4s= =O6FF -----END PGP SIGNATURE----- _______________________________________________ firstname.lastname@example.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"