ADMIN - Explore the new world of system administration! Special introductory offer! Order by September 30th to save 10% off the regular subscription price! Each issue delivers technical solutions to the real-world problems you face every day. Learn the latest techniques for better:
network security
system management
troubleshooting
performance tuning
virtualization
cloud computing
on Windows, Linux, Solaris, and popular varieties of Unix.
Building a dynamic blacklist with Netfilter's Recent module
KEEP OUT!
Author(s): MICHAEL SCHWARTZKOPFF
Netfilter’s Recent module builds a temporary blacklist to keep intruders off your network.
When an Intrusion Detection System (IDS) recognizes an attack, it issues a strict “keep out” order to block the intruder’s access to services. Unfortunately, other systems on the network might not benefit from this block. The Recent module by Netfilter dynamically updates the firewall access rules to create a temporary “bad guy” list. You can then configure the firewall rules so that an IP address that breaks a rule is temporarily prevented from any form of access. Recent also comes with special features for fighting port scans, and you can combine the Recent module with an external application such as Snort to create a fast and effective framework for detecting and closing out network attacks.
Comments