On Nov 26, 2012, Eli Wapniarski wrote:

> This is a great idea in theory.... But.... how could you tell if static or
> dynamic ip (some hacked computer at somebody's home). Once they rebooted
> their network they would start attacking all over again. Doesn't really
> help, does it.  This is a job for iptables not psad.
> 
> Eli
> 
> On Sunday 25 November 2012 23:47:36 Oscar Marley wrote:
> 
> Hi everyone, is it possible to define different AUTO_BLOCK_TIMEOUT values
> depending on a reached DANGER_LEVEL?
>
> Suppose that an attacker has reached DANGER_LEVEL 3 and has already waited an
> amount of time and you want to increment the blocking time if he reaches
> DANGER_LEVEL 4 or block him permanently if he reaches DANGER_LEVEL 5

I tend to think that this idea is a good feature for psad to offer for
those that want to configure it (and who also run psad in auto-blocking
mode).  Typically I reserve any auto-blocking configuration to malicious
IPs that trigger an fwsnort signature in an established TCP connection
- see the ENABLE_AUTO_IDS_REGEX variable.  If one wants to run psad in
auto-blocking mode, then it seems reasonable to be able to alter the
criteria for regaining access based on the danger level an attacker
achieves.  People may be able to shift IP addresses as Eli points out,
but this feature would add flexibility for those that want to run psad
in auto-blocking mode even so.  (There are good arguments on both sides
of the auto-blocking mode question.)

Thanks,

--Mike


> Greetings.


> _______________________________________________
> psad-discuss mailing list
> psad-discuss@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/psad-discuss
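
The escalation policy discussed in this thread (a longer block at DANGER_LEVEL 4, a permanent one at DANGER_LEVEL 5), sketched as an added example; it is not psad code and not from any poster. The `BlockTable` class, the `TIMEOUTS` mapping and its values are hypothetical, and times are plain integers in seconds.

```python
PERMANENT = None  # sentinel: block never expires

# Hypothetical policy (constructed values): seconds blocked per danger level.
# Levels missing from the map do not trigger a block at all.
TIMEOUTS = {3: 3600, 4: 86400, 5: PERMANENT}


class BlockTable:
    def __init__(self, timeouts=TIMEOUTS):
        self.timeouts = timeouts
        self.blocks = {}  # ip -> (danger_level, expires_at or PERMANENT)

    def _live(self, ip, now):
        """Return the current block entry, dropping it if it has expired."""
        entry = self.blocks.get(ip)
        if entry and entry[1] is not PERMANENT and now >= entry[1]:
            del self.blocks[ip]
            return None
        return entry

    def report(self, ip, danger_level, now):
        """Record that ip reached danger_level at time now; return its block entry."""
        current = self._live(ip, now)
        if danger_level not in self.timeouts:
            return current  # below the blocking threshold
        if current and current[0] >= danger_level:
            return current  # a repeat or lower level never shortens a block
        timeout = self.timeouts[danger_level]
        expires = PERMANENT if timeout is PERMANENT else now + timeout
        self.blocks[ip] = (danger_level, expires)  # escalate: restart the clock
        return self.blocks[ip]

    def is_blocked(self, ip, now):
        return self._live(ip, now) is not None
```
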

