Ban IP's from saslauthd/postfix?

Petter Adsen petter at synth.no
Mon May 25 08:16:54 UTC 2015


On Sun, 24 May 2015 10:42:14 -0600
"compdoc" <compdoc at hotrodpc.com> wrote:

> > I need something that will see a failed attempt to authenticate,
> > and block
> the address for a long period of time.
> 
> 
> Sounds like something snort can do. 

It can? Thanks, I'll check that out right now. It doesn't say anything
about being able to act on events other than notifications, but maybe
that can be easily changed to trigger iptables;

Description-en: flexible Network Intrusion Detection System
 Snort is a libpcap-based packet sniffer/logger which can be used as a
 lightweight network intrusion detection system. It features rules-based
 logging and can perform content searching/matching in addition to
 detecting a variety of other attacks and probes, such as buffer
 overflows, stealth port scans, CGI attacks, SMB probes, and much more.
 Snort has a real-time alerting capability, with alerts being sent to
 syslog, a separate "alert" file, or even to a Windows computer via
Samba.

Petter

-- 
"I'm ionized"
"Are you sure?"
"I'm positive."
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 213 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/ubuntu-users/attachments/20150525/7f479050/attachment.pgp>


More information about the ubuntu-users mailing list