On Monday 30 June 2003 17:22, Andrew Sayers wrote: > Ideally. whenever someone tries to FTP in as root, ftp, backup, or some > other administrative account, I'd like iptables to DROP further incoming > FTP traffic from that address, and an e-mail to be sent automatically to > me and their network's administrator. Blocking FTP traffic immediately > has the added benefit that they won't receive a "login refused" message, > which might slow down any scanning attempts.
Well, IMHO this isn't job of the daemon, it's the job of a log monitoring program. You can use logsurfer to monitor your logfiles in realtime and run a programm if an "attack" happens. http://www.cert.dfn.de/eng/logsurf/ seems that there's no debian packages at the moment, but it's easy to compile. > - Andrew best regards, Jens -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
