On Wed, 2005-01-05 at 21:53 -0500, Chris Ruprecht wrote: > Hello all, > > I have looked through the list archives and read the replies other have > made about the issue - but nothing seems to fix the problem. > There are numerous methods of automatically creating firewall rules from snort. The first step, though, is to install and understand the output from snort. http://www.snort.org You might also want to install oinkmaster to keep the rules up to date. > Every other morning, I read the system logs from the day before and > there are a number of break in attempts (usually 59) to root and a few > to a slew to other accounts. > I would like to know if there is any program in existence that detects > these attempts and blocks the IP address from sending anything my way > ever again. > I currently have 'minimum' security. I have a router set up with NAT > translation of a few ports pointing to the server box (FC2). Most of the > usual suspects (telnet, ftpP are pointing to non-existing machines. > On the server, I have the firewall switched of as I do not have a clear > understanding how to configure it properly and I just hate to find > myself in a situation where I'm not at home and can't log in ;-). > > If somebody could point me to some documents that describe in simple > terms, how to configure the firewall properly, I'd appreciate it. > > I have looked at firestarter and yes, it works - it either blocks > traffic or it lets traffic in - but it looks a little too primitive for > a production server. > > Thanks, > Chris > -- > Don't ask me nothin' about nothin' - I might just tell you the > truth ... > Bob Dylan ________________________________________________________________________ Total Quality Management - A Commitment to Excellence http://www.TQMcube.com
