Use PortSentry in conjunction with LogCheck. PortSentry watches for unauthorized activity in whatever ports you specify and automatically firewalls any deviant IP addresses via ipchains or ipfwadm. Then LogCheck will scan your logs at whatever increment you specify (every 5 minutes, once an hour, once a day, whatever) and report unusual activity or security violations to you. They are two great tastes that taste great together, so to speak. :^) Find PortSentry and LogCheck at www.psionic.com Have fun. Brandon Wheaton UNIX Systems Engineer ValiCert, Inc. 1215 Terra Bella Ave. Mountain View, CA 94043 650.567.5430 ---- Computers are useless; they can only provide answers. ~Pablo Picasso | Date: Tue, 23 May 2000 20:21:57 -0700 | From: Theodore Jones <theoj@xxxxxxxxxxxxx> | Reply-To: cobalt-security@xxxxxxxxxxxxxxx | To: cobalt-security@xxxxxxxxxxxxxxx | Subject: Re: [cobalt-security] consistently pounded | | | So why isn't there a siimple way to have a script watch the error log report | and just add certain IP numbers to the hosts.deny file...? | | ~ Theo |
Attachment:
smime.p7s
Description: S/MIME cryptographic signature