Re: Software to monitor security logs and email ISPs?




Preston Crawford <me@xxxxxxxxxxxxxxxxxxx> wrote:
> I have a firewall router

<OT-Comment>
Is it a "Router" or a 'Ritter?
http://thebs413.blogspot.com/2005/07/ritters-because-most-natpat-devices.html
</OT-Comment>

> and I run a firewall on CentOS as well.

Does either have an intrusion detection system (IDS) or some
other form of real-time packet and/or non-real-time log
analysis?

> I guess it's one of those things where I'm sick of seeing it
> come up in my security log, so I'd like to start sending
> email to the ISPs to tell them to do their job and enforce
> their rules for all the Windoze users out there.

Well, most ISPs already have thin margins to work on.  But
yes, the larger providers should be contacted, especially
when a major block of theirs is infected.

> But I don't want to take the time to do it manually. Any
> suggestions?

I already saw someone mention DShield.ORG, which seems to be
the most popular right now.

On more corporate networks with unused IPs, I like to use
various port fakers that accept a SYN, but don't accept their
ACK.  That keeps the zombies tied up and busy, exponentially
reducing the number of hosts they can attack.


-- 
Bryan J. Smith                 mailto:b.j.smith@xxxxxxxx
Sent from Yahoo Mail (please excuse any missing headers)
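
The non-real-time log analysis and per-block reporting discussed in this message, as an added example that is not part of the original post: it groups dropped-packet log lines by source netblock and drafts the evidence line for a notice to the provider. The function names, the "DROP " log prefix, the /24 grouping and the three-host threshold are assumptions chosen for illustration.

```python
import ipaddress
import re
from collections import Counter, defaultdict

# Constructed sample in the netfilter LOG format. Addresses come from the
# documentation ranges; the "DROP " prefix is an assumed --log-prefix value.
SAMPLE_LOG = """\
Jul 14 03:12:01 gw kernel: DROP IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=4321 DPT=445 SYN
Jul 14 03:12:04 gw kernel: DROP IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.11 PROTO=TCP SPT=4322 DPT=445 SYN
Jul 14 03:12:09 gw kernel: DROP IN=eth0 OUT= SRC=203.0.113.9 DST=192.0.2.10 PROTO=TCP SPT=1050 DPT=445 SYN
Jul 14 03:13:30 gw kernel: DROP IN=eth0 OUT= SRC=203.0.113.77 DST=192.0.2.10 PROTO=TCP SPT=2001 DPT=135 SYN
Jul 14 03:14:02 gw kernel: DROP IN=eth0 OUT= SRC=198.51.100.20 DST=192.0.2.10 PROTO=TCP SPT=5555 DPT=22 SYN
Jul 14 03:14:05 gw kernel: DROP IN=eth0 OUT= SRC=198.51.100.20 DST=192.0.2.10 PROTO=ICMP TYPE=8 CODE=0
Jul 14 03:15:00 gw sshd[812]: Connection closed by 198.51.100.20
"""

FIELD_RE = re.compile(r"\b([A-Z]+)=(\S*)")  # KEY=value pairs of a LOG line

def summarize_blocks(log_text, prefix_len=24, min_hosts=3):
    """Return source netblocks with at least min_hosts distinct senders."""
    hosts = defaultdict(set)       # netblock -> distinct source addresses
    ports = defaultdict(Counter)   # netblock -> destination port counts
    for line in log_text.splitlines():
        fields = dict(FIELD_RE.findall(line))
        try:
            src = ipaddress.IPv4Address(fields.get("SRC", ""))
        except ipaddress.AddressValueError:
            continue  # not a firewall line, or not an IPv4 source
        block = ipaddress.ip_network(f"{src}/{prefix_len}", strict=False)
        hosts[block].add(src)
        # ICMP lines carry no DPT, so key those by protocol name instead.
        ports[block][fields.get("DPT") or fields.get("PROTO", "?")] += 1
    rows = [
        {"block": str(b), "hosts": len(h), "packets": sum(ports[b].values()),
         "top_ports": [p for p, _ in ports[b].most_common(3)]}
        for b, h in hosts.items() if len(h) >= min_hosts
    ]
    return sorted(rows, key=lambda r: r["hosts"], reverse=True)

def report_text(row):
    """Draft the evidence line for a notice to the block's provider."""
    return (f"{row['hosts']} hosts in {row['block']} sent {row['packets']} "
            f"dropped packets; most probed: {', '.join(row['top_ports'])}")

if __name__ == "__main__":
    for row in summarize_blocks(SAMPLE_LOG):
        print(report_text(row))
```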
