ipqbdb-users

Re: [ipqbdb-users] Is ipqbdb this still being maintained?


From: Didar Hossain
Subject: Re: [ipqbdb-users] Is ipqbdb this still being maintained?
Date: Tue, 1 Feb 2011 13:47:55 +0530

Hi Alessandro,

On Tue, Feb 1, 2011 at 1:04 AM, Alessandro Vesely <address@hidden> wrote:
> Yes, there are not many users (AFAIK) but I, for one, continue to need

There should be - this is a wonderful piece of software and I have not even used
it yet :-)

If I may be bold, I had the same idea of combining NFQUEUE with BerkeleyDB
lookups. I envisioned running a daemon process with a netlink socket on one
end and a UNIX domain socket at the other. But, talk is cheap.


> Yes, please!  I have difficulties in figuring out what kind of report
> I'd like to see every day.  I already get the relevant number of
> packets caught by iptables rules at the end of the day.  Perhaps
> number of packets by rule would give more insight?  It is tough to
> discriminate distributed attacks from random attacks from unrelated
> sources...  Any idea?

I am sorry, but, how will looking at packet counts, either allowed/blocked
help? I am not able to understand this part.

You are right about it being tough to discriminate between random and
distributed attacks. I currently look at the failed auth attempts in
/var/log/auth.log (on an Ubuntu system) to figure out which accounts as
in "usernames" are being used for brute forcing and then I check that
the passwords are sufficiently strong. I had the system broken into twice
because of weak passwords.

What do you have in mind?

Sorry for making this mail so long-winded.

Take care,
Didar


