On Thursday 03 February 2005 07:08, Bob Brennan wrote: > > My question is - is there anything I can set up to shut down the > repeated attempts from the same (different every day) IP? The > obvious choice would be to deny connections to IP address a.b.c.d > after x number of failed login attempts for y period of time, > where I would set x=3 and y=10 minutes. > > Basically I'm looking for toad-proofing. > Is there such a thing and where would I look for it? > > Thanks in advance, > bob You might want to take a look at "snort": www.snort.org. It's an intrusion detection system that has the ability to reject/drop connections based on packet rules. Two features named FLEXRESP and INLINE may help you. If you are using ftp via xinetd you can also use the SENSOR function to block various IP addresses if they are scanning other ports too. See http://www.web-insights.net/xinetd/xinetd-sensors.html for a description of this technique. Regards, Mike Klinke
