[SATLUG] Questions about home server security: non-standard ports
brad at shub-internet.org
Thu Feb 21 19:01:50 CST 2013
On Feb 21, 2013, at 1:52 PM, David Kowis <dkowis at shlrm.org> wrote:
> Is there a logwatch for solaris? That might cover your bases as well.
I'd be surprised if this kind of tool is not widely available on various platforms.
But if you want to actually stop the bots from hitting you multiple times, then you want something like fail2ban -- which should also be able to tarpit them as well as outright block them at the host firewall layer.
A lot depends on what you have for a router/gateway, what you want to use it for, and just how much noise you want to pay attention to. IDS/IPS systems can get overwhelming, very quickly. The latest techniques I've heard of pay a lot more attention to your outgoing traffic and baseline that, then look for weird behaviours and fingerprints of known malware.
So, have we come full circle yet? ;-)
Brad Knowles <brad at shub-internet.org>
LinkedIn Profile: <http://tinyurl.com/y8kpxu>
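The fail2ban approach mentioned in the message above boils down to counting failures per source address inside a time window and banning once a threshold is reached. The sketch below is an added example, not part of the original post and not fail2ban's own code: the parameter names `maxretry` and `findtime` mirror fail2ban's jail options, while the log lines, addresses, regex and the assumed year (syslog timestamps carry none) are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample sshd log lines (documentation-range addresses).
SAMPLE_LOG = """\
Feb 21 19:00:00 home sshd[100]: Failed password for root from 198.51.100.20 port 40001 ssh2
Feb 21 19:00:01 home sshd[101]: Failed password for root from 203.0.113.7 port 4101 ssh2
Feb 21 19:00:05 home sshd[102]: Failed password for invalid user admin from 203.0.113.7 port 4102 ssh2
Feb 21 19:00:09 home sshd[103]: Failed password for root from 203.0.113.7 port 4103 ssh2
Feb 21 19:05:00 home sshd[104]: Accepted publickey for alice from 192.0.2.10 port 50000 ssh2
Feb 21 19:20:00 home sshd[105]: Failed password for root from 198.51.100.20 port 40002 ssh2
Feb 21 19:40:00 home sshd[106]: Failed password for root from 198.51.100.20 port 40003 ssh2
"""

# Matches only failed password attempts; captures timestamp and source address.
FAILED = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (\S+) port \d+"
)

def find_offenders(log_text, maxretry=3, findtime=600, year=2013):
    """Return {ip: time the ban would trigger} for sources with at least
    `maxretry` failures inside a sliding window of `findtime` seconds."""
    window = timedelta(seconds=findtime)
    recent = defaultdict(deque)   # ip -> timestamps of failures still in window
    banned = {}
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue              # successful logins and unrelated lines
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        ip = m.group(2)
        if ip in banned:
            continue              # already flagged; a firewall rule would drop it
        hits = recent[ip]
        hits.append(ts)
        while ts - hits[0] > window:
            hits.popleft()        # expire failures older than findtime
        if len(hits) >= maxretry:
            banned[ip] = ts
    return banned

if __name__ == "__main__":
    for ip, when in find_offenders(SAMPLE_LOG).items():
        print(f"ban {ip} (threshold reached at {when})")
```

With the defaults, the burst from 203.0.113.7 is flagged while the slow source at 198.51.100.20 stays under the threshold; widening `findtime` to an hour catches it as well, which is the trade-off between noise and coverage when tuning these values.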