Building a dynamic blacklist with Netfilter's Recent module
KEEP OUT!
Author(s): MICHAEL SCHWARTZKOPFF
Netfilter’s Recent module builds a temporary blacklist to keep intruders off your network.
When an Intrusion Detection System (IDS) recognizes an attack, it issues a strict “keep out” order to block the intruder’s access to services. Unfortunately, other systems on the network might not benefit from this block. The Recent module by Netfilter dynamically updates the firewall access rules to create a temporary “bad guy” list. You can then configure the firewall rules so that an IP address that breaks a rule is temporarily prevented from any form of access. Recent also comes with special features for fighting port scans, and you can combine the Recent module with an external application such as Snort to create a fast and effective framework for detecting and closing out network attacks.
Comments