[NTLUG:Discuss] Firewall blacklist monitor

Greg Edwards greg at nas-inet.com
Thu Apr 22 08:40:38 CDT 2010


Greg Edwards wrote:
> I've been looking for a firewall blacklist monitoring and management 
> tool.  I'm looking for something that will monitor activity and 
> automatically add and remove addresses from a dynamic blacklist.  My 
> primary need is to stop ssh login attempts.
> 
> I'm running shorewall.  I'm beginning to think I'll have to write my own.
> 
> TIA,

Thanks for the responses.  I have found 2 candidates to meet my needs, 
fail2ban and sshguard.  I'll do more research later.

Even with everyone's help I still found a real lack of options to fit my 
needs.  I do not want to use a hosts.deny solution due to the 
inefficiencies related to file-based lookups.  I don't want a solution 
that requires a manual step to create a block of an attack that is 
underway.  These are 2 things that are predominant throughout most of 
the solutions that I looked at.

Mandriva has an interactive firewall monitor, but it is annoying to the 
user, and it requires manual intervention.

Given the seriousness of the problem, I'm surprised that there aren't 
more solutions out there.

--
Greg E
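
The behaviour asked for in this thread (watch sshd failures, block an address automatically, lift the block automatically, keep the lookup in memory) can be sketched as follows. This is an added example, not code from the original post or from fail2ban or sshguard; the class and function names, thresholds and log lines are assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

TS_RE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) ")
# Anchored at end of line so a username containing " from <ip>" cannot choose the banned address.
FAIL_RE = re.compile(r"sshd\[\d+\]: Failed password for .* "
                     r"from (\d{1,3}(?:\.\d{1,3}){3}) port \d+(?: ssh2)?$")

class DynamicBlacklist:
    def __init__(self, max_fails=3, window=timedelta(minutes=5),
                 ban_time=timedelta(minutes=30), year=2010):
        self.max_fails, self.window, self.ban_time = max_fails, window, ban_time
        self.year = year                 # syslog timestamps carry no year
        self.fails = defaultdict(deque)  # ip -> recent failure times
        self.banned = {}                 # ip -> ban expiry, held in memory

    def feed(self, line):
        """Consume one log line; return [("ban" | "unban", ip), ...]."""
        ts = TS_RE.match(line)
        if not ts:
            return []
        now = datetime.strptime(f"{self.year} {ts.group(1)}", "%Y %b %d %H:%M:%S")
        actions = [("unban", ip) for ip, exp in sorted(self.banned.items()) if exp <= now]
        for _, ip in actions:
            del self.banned[ip]          # automatic removal once the ban expires
        hit = FAIL_RE.search(line)
        if hit and hit.group(1) not in self.banned:
            ip = hit.group(1)
            times = self.fails[ip]
            times.append(now)
            while times[0] < now - self.window:  # forget failures outside the window
                times.popleft()
            if len(times) >= self.max_fails:     # automatic addition
                self.banned[ip] = now + self.ban_time
                del self.fails[ip]
                actions.append(("ban", ip))
        return actions

# Constructed sample log using documentation addresses; not from the original post.
SAMPLE_LOG = """\
Apr 22 08:00:01 gw sshd[4101]: Failed password for root from 203.0.113.7 port 40112 ssh2
Apr 22 08:00:03 gw sshd[4103]: Failed password for invalid user admin from 203.0.113.7 port 40115 ssh2
Apr 22 08:00:06 gw sshd[4107]: Failed password for root from 203.0.113.7 port 40119 ssh2
Apr 22 08:31:00 gw sshd[4200]: Accepted publickey for alice from 198.51.100.20 port 51020 ssh2
""".splitlines()

def replay(lines, **kw):
    bl = DynamicBlacklist(**kw)
    return [action for line in lines for action in bl.feed(line)]
```

Each returned action would be handed to the firewall's dynamic blacklist by the caller; that wiring is not shown here.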


