Re: [ipqbdb-users] Is ipqbdb this still being maintained?
From: Didar Hossain
Subject: Re: [ipqbdb-users] Is ipqbdb this still being maintained?
Date: Tue, 1 Feb 2011 13:47:55 +0530

Hi Alessandro,

On Tue, Feb 1, 2011 at 1:04 AM, Alessandro Vesely <address@hidden> wrote:
> Yes, there are not many users (AFAIK) but I, for one, continue to need

There should be - this is a wonderful piece of software and I have not even used
it yet :-)

If I may be bold, I had the same idea of combining NFQUEUE with BerkeleyDB
lookups. I envisioned running a daemon process with a netlink socket on one
end and a UNIX domain socket at the other. But, talk is cheap.

> Yes, please! I have difficulties in figuring out what kind of report
> I'd like to see every day. I already get the relevant number of
> packets caught by iptables rules at the end of the day. Perhaps
> number of packets by rule would give more insight? It is tough to
> discriminate distributed attacks from random attacks from unrelated
> sources... Any idea?

I am sorry, but, how will looking at packet counts, either allowed/blocked
help? I am not able to understand this part.

You are right about it being tough to discriminate between random and
distributed attacks. I currently look at the failed auth attempts in
/var/log/auth.log (on an Ubuntu system) to figure out which accounts as
in "usernames" are being used for brute forcing and then I check that
the passwords are sufficiently strong. I had the system broken into twice
because of weak passwords.

What do you have in mind?

Sorry for making this mail so long-winded.

Take care,
Didar
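
The auth.log review described in the message above, sketched as an added example (it is not part of the original mail and not ipqbdb code): it tallies failed SSH password attempts per username and per distinct source address, which also gives a rough signal for the distributed-versus-random question raised in the thread. The log lines are constructed samples, and the function names and the three-source threshold are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the OpenSSH format of /var/log/auth.log (RFC 5737 addresses).
SAMPLE_LOG = """\
Feb  1 03:12:01 host sshd[4211]: Failed password for invalid user admin from 192.0.2.10 port 40122 ssh2
Feb  1 03:12:04 host sshd[4213]: Failed password for invalid user admin from 198.51.100.7 port 51514 ssh2
Feb  1 03:12:09 host sshd[4215]: Failed password for root from 192.0.2.10 port 40130 ssh2
Feb  1 03:12:15 host sshd[4217]: Failed password for invalid user admin from 203.0.113.5 port 33812 ssh2
Feb  1 03:13:40 host sshd[4230]: Accepted password for didar from 192.0.2.44 port 50022 ssh2
Feb  1 03:14:02 host sshd[4241]: Failed password for root from 192.0.2.10 port 40155 ssh2
Feb  1 03:14:30 host sshd[4250]: Failed password for backup from 198.51.100.7 port 51600 ssh2
"""

# Greedy user match plus end anchor: the source address is taken from the final
# " from ... port", so a username containing " from 10.0.0.1" cannot spoof it.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?P<invalid>invalid user )?"
    r"(?P<user>.*) from (?P<ip>\S+) port \d+ ssh2$"
)

def summarize(lines):
    """Return {username: {"attempts", "sources", "exists"}} for failed logins."""
    stats = defaultdict(lambda: {"attempts": 0, "sources": set(), "exists": True})
    for line in lines:
        m = FAILED.search(line)
        if not m:
            continue
        entry = stats[m["user"]]
        entry["attempts"] += 1
        entry["sources"].add(m["ip"])
        if m["invalid"]:  # sshd logs "invalid user" for names with no account
            entry["exists"] = False
    return dict(stats)

def real_accounts_under_attack(stats):
    """Existing accounts being guessed: the passwords to review first."""
    return sorted(u for u, s in stats.items() if s["exists"])

def multi_source_targets(stats, min_sources=3):
    """Usernames tried from several distinct addresses (hint of a distributed run)."""
    return sorted(u for u, s in stats.items() if len(s["sources"]) >= min_sources)

if __name__ == "__main__":
    stats = summarize(SAMPLE_LOG.splitlines())
    for user, s in sorted(stats.items(), key=lambda kv: -kv[1]["attempts"]):
        print(f"{user:8} attempts={s['attempts']} sources={len(s['sources'])} exists={s['exists']}")
    print("review passwords for:", real_accounts_under_attack(stats))
    print("multi-source targets:", multi_source_targets(stats))
```

Lines that syslog has collapsed into "message repeated N times" entries are not expanded here, so the attempt counts are lower bounds.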