You might want to try portsentry. It works pretty well. It will build a profile of your machine and then guard based on that and the rules you add. It will add the offending hosts to the hosts.deny, add an ipchain to block them, and add a bad route so they cannot get to your machine anymore. Works pretty.

http://www.psionic.com/products/portsentry.html

Michael

-----Original Message-----
From: security-discuss-bounce@linuxsecurity.com [mailto:security-discuss-bounce@linuxsecurity.com]On Behalf Of Bernard Hoffman
Sent: Tuesday, September 03, 2002 5:20 AM
To: 'security-discuss@linuxsecurity.com'
Subject: Basic IDS

Hello all.

I'm looking into IDS and was wondering if any of you can suggest a good package/process to analyze and block malicious network traffic (in and out). I want to have the firewall detect and block requests from hosts/subnets that consistently attempt port-scans, worm attacks, password hacks, etc.

Any ideas?

------
Bernard Hoffman
_ _ _ _ _ _ _
e | Market Capital, Inc.
http://www.emarketcapital.com

------------------------------------------------------------------------
To unsubscribe email security-discuss-request@linuxsecurity.com
with "unsubscribe" in the subject of the message.