[BlueOnyx:09667] Re: More pam_abl questions....
Greg Kuhnert
gkuhnert at compassnetworks.com.au
Thu Feb 23 04:25:45 -05 2012
On 2/22/2012 2:50 PM, SB9-PageKeeper Service wrote:
> Operation not permitted
> This goes on for about 5 minutes more without stopping anything... any
> ideas? looked at the bundle at compass
> network but im not sure that will work to stop the attack.. once connected
> how do you stop the attack until they disconnect?
> This is on a 5106R. Is dropping the packet the only way? Will pam_abl
> module have any effect?
>
Hi David.
Have another look at dfix. It actually parses anything that pamabl
detects, and adds dynamic firewall rules. Any attack in progress
detected by pamabl will be blocked. It also natively parses many log
files including ftp logs, so you are double protected.
Regards,
Greg.
More information about the Blueonyx
mailing list