[Info-vax] intrusion detection
Christoph Gartmann
gartmann at nonsense.immunbio.mpg.de
Fri Mar 13 10:42:50 EDT 2009
In article <49ba5a22$0$6682$703f8584 at textnews.kpn.nl>, joukj <joukj at hrem.nano.tudelft.nl> writes:
[...]
>My question was more "principle" for the next time, since at present I
>can block the "offending" Ip-address. But if the attack comes from a
>complete different network in future it will not be blocked (the pop3
>service i.e. should be open for our legal clients from outside the
>university). I was just wondering why all these offences were logged as
>"single" offences and not "bundled" as one so that a retry with another
>user-name does not help. I noticed that the SSHD form HP/TCPIP does
>probably this.
The currently shipping version of Multinet has the appropriate feature. You may
block an ip address after a few unsuccessfull attempts.
Regards,
Christoph Gartmann
--
Max-Planck-Institut fuer Phone : +49-761-5108-464 Fax: -80464
Immunbiologie
Postfach 1169 Internet: gartmann at immunbio dot mpg dot de
D-79011 Freiburg, Germany
http://www.immunbio.mpg.de/home/menue.html
More information about the Info-vax
mailing list