I use Snort + Swatch. Of all the attacks detected by Snort, I only care about a few that may compromise my system, like the SSH password scans and POP/IMAP/SMTP attacks.
Swatch is tailing /var/log/snort/alert and, if an attack is detected 3 times or more in 30 seconds coming from the same IP, I block the IP with iptables. Once a week I rerun my firewall script to clean up the swatch-generated rules.
If I had time I would improve this in two ways:
- To have an e-mail sent to me if the same IP attacks the system again after being blocked for a few days.
- To clean the swatch-generated rules by age, and not once a week via cron as I do now.
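
The threshold-and-block logic this comment describes, together with the age-based cleanup from its second wish-list item, as an added example that is not part of the original comment or the commenter's Swatch configuration. It assumes Snort's one-line "fast" alert format, a fixed year (fast alerts log none), a 7-day rule lifetime and plain `iptables -I`/`-D INPUT` rules; the sample alerts and the names `parse` and `process` are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample alerts in Snort "fast" format (assumed format, made-up SIDs).
SAMPLE = """\
08/01-10:00:01.000000  [**] [1:1000001:1] SSH password scan [**] [Priority: 2] {TCP} 203.0.113.5:40001 -> 192.0.2.10:22
08/01-10:00:05.000000  [**] [1:1000002:1] POP3 login attack [**] [Priority: 2] {TCP} 198.51.100.7:40100 -> 192.0.2.10:110
08/01-10:00:09.000000  [**] [1:1000001:1] SSH password scan [**] [Priority: 2] {TCP} 203.0.113.5:40002 -> 192.0.2.10:22
08/01-10:00:20.000000  [**] [1:1000001:1] SSH password scan [**] [Priority: 2] {TCP} 203.0.113.5:40003 -> 192.0.2.10:22
08/01-10:00:25.000000  [**] [1:1000002:1] POP3 login attack [**] [Priority: 2] {TCP} 198.51.100.7:40101 -> 192.0.2.10:110
08/01-10:01:30.000000  [**] [1:1000002:1] POP3 login attack [**] [Priority: 2] {TCP} 198.51.100.7:40102 -> 192.0.2.10:110
08/09-10:00:00.000000  [**] [1:1000003:1] ICMP PING [**] [Priority: 3] {ICMP} 203.0.113.9 -> 192.0.2.10
""".splitlines()

ALERT_RE = re.compile(r"^(\d\d/\d\d-\d\d:\d\d:\d\d)\.\d+\s+\[\*\*\]\s+\[[\d:]+\]\s+(.*?)\s+\[\*\*\]"
                      r".*?\{\w+\}\s+([\d.]+)(?::\d+)?\s+->")
WATCH = ("SSH", "POP", "IMAP", "SMTP")  # the alert classes the comment cares about
THRESHOLD, WINDOW, MAX_AGE = 3, timedelta(seconds=30), timedelta(days=7)  # MAX_AGE is assumed

def parse(line, year=2024):  # the year is an assumption; fast alerts do not log it
    m = ALERT_RE.match(line)
    if not m:
        return None
    try:  # only a validated address may end up on the iptables command line
        ip = str(ipaddress.ip_address(m.group(3)))
    except ValueError:
        return None
    return datetime.strptime(f"{year}/{m.group(1)}", "%Y/%m/%d-%H:%M:%S"), m.group(2), ip

def process(lines):
    recent, blocked, actions = defaultdict(deque), {}, []
    for ts, msg, ip in filter(None, map(parse, lines)):
        for old in [b for b, t in blocked.items() if ts - t >= MAX_AGE]:
            del blocked[old]  # expire each rule by its own age, not by a weekly flush
            actions.append(f"iptables -D INPUT -s {old} -j DROP")
        if ip in blocked or not any(k in msg for k in WATCH):
            continue
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > WINDOW:  # keep only the hits inside the 30-second window
            q.popleft()
        if len(q) >= THRESHOLD:
            blocked[ip] = ts
            actions.append(f"iptables -I INPUT -s {ip} -j DROP")
    return actions

if __name__ == "__main__":
    print("\n".join(process(SAMPLE)))
```

The POP3 source is never blocked because its three hits are spread over more than 30 seconds, and the block on the SSH source is removed by the first alert that arrives once the rule is over seven days old.
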
This means that Linux will become the Kazaa of the OSes. People WILL buy this, because they never stopped buying from M$.
As Microsoft plays to the tune of Hollywood, Apple will follow suit, and Linux will be declared illegal because it can be used to skip DRM (unless you have it in a server room without a monitor! ;-).
From M$'s point of view this is another brilliant marketing move. It will mutate from an electronic typewriter producer to a media player producer, and the "itchy Linux" thing will automatically become the ship full of pirates.
These guys watched too many episodes of Prison Break. Next season the tattoo will hold the Library of Congress!
Buy an antivirus company and make money from them!!