Ban IP's from saslauthd/postfix?
petter at synth.no
Mon May 25 08:16:54 UTC 2015
On Sun, 24 May 2015 10:42:14 -0600
"compdoc" <compdoc at hotrodpc.com> wrote:
> > I need something that will see a failed attempt to authenticate,
> > and block
> the address for a long period of time.
> Sounds like something snort can do.
It can? Thanks, I'll check that out right now. It doesn't say anything
about being able to act on events other than notifications, but maybe
that can be easily changed to trigger iptables;
Description-en: flexible Network Intrusion Detection System
Snort is a libpcap-based packet sniffer/logger which can be used as a
lightweight network intrusion detection system. It features rules-based
logging and can perform content searching/matching in addition to
detecting a variety of other attacks and probes, such as buffer
overflows, stealth port scans, CGI attacks, SMB probes, and much more.
Snort has a real-time alerting capability, with alerts being sent to
syslog, a separate "alert" file, or even to a Windows computer via
"Are you sure?"
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 213 bytes
Desc: OpenPGP digital signature
More information about the ubuntu-users