On 5/19/2015 11:22 PM, Vieri Di Paola wrote: > Hi, > > Can the shorewall rules TARPIT action be used to automatically > blacklist all IP addresses that try to connect to the tarpit ports? > > Can a custom shell command be triggered/executed whenever there's an > "action match" (eg. attacker connects to a port where there's a > shorewall TARPIT rule and shorewall launches a custom shell command > and passes attacker IP address as argument)? My guess is that it can't > because shorewall isn't a service and it's launched only once to set > up iptables. Correct? Correct. > > So, what options do I have to automatically blacklist IP addresses > that fall into the tarpit? > > Log TARPIT events (e.g.,'TARPIT(tarpit):info' in the ACTION column) and monitor the log for netfilter messages containing 'TARPIT'.
-Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ One dashboard for servers and applications across Physical-Virtual-Cloud Widest out-of-the-box monitoring support with 50+ applications Performance metrics, stats and reports that give you Actionable Insights Deep dive visibility with transaction tracing using APM Insight. http://ad.doubleclick.net/ddm/clk/290420510;117567292;y
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
