Skip to main content
Welcome guest. | Register | Login | Post

tcpd wrappers question and hosts.deny

2 replies [Last post]
supermike's picture
Offline
Joined: 2006-02-17

I was investigating whether there was something I could run that would routinely investigate netstat and lsof commands for "bad traffic" and add it to /etc/hosts.deny file.

For instance, it could watch for certain kinds of attacks, running down my ports sequentially until it finds an opening, or the ping of death, etc. When it finds it, it could automatically add it to my /etc/hosts.deny file and the problem could go away. The script could run in a loop like every 5-15 minutes.

Another sneaky thing to do is put a honeypot port on my system that starts to look like a plain old FTP server, using a PHP script in a loop, for instance. If something tries to connect on that, I could shut the connection down and put the IP address in my /etc/hosts.deny file. (Note, I don't like bringing up FTP servers because they are insecure, so this would work well for me.)

Of course, you still want to be a firewalled system, and perhaps behind yet again another firewall, but at least this is one more added kind of protection.

Anyway, I imagine nothing like this exists, so I'll probably just have to build it myself.

a thing's picture
Offline
Joined: 2005-12-20

I'd think something like this exists somewhere.

Offline
Joined: 2006-03-28

Maybe Snort might be able to do that.

Comment viewing options