[c-nsp] Log analyzer/ACL advice

Drew Weaver drew.weaver at thenap.com
Fri Jan 5 11:18:47 EST 2007


    I'd like to set up honeypots within my network which have no useful
services whatsoever running on them for the purpose of detecting and
ultimately preventing any network access to various types of security
bots (SSH scanners, brute force pw types). Has anyone ever found a
package or a simple script for Linux that will look in the /messages log
(or any other log) and advise ACL/Null routes based on observed attacks?
 
thanks,
-Drew
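
An added example, not part of the original post and not an existing package: one way a script of the kind asked about could turn sshd "Failed password" syslog lines into suggested Cisco ACL and null-route lines. The ACL number 150, the threshold, the allowlist and the function names are assumptions, and the sample log is constructed.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines in sshd's syslog format (not real traffic).
SAMPLE_LOG = """\
Jan  5 11:02:11 honeypot1 sshd[2211]: Failed password for root from 192.0.2.10 port 40122 ssh2
Jan  5 11:02:13 honeypot1 sshd[2211]: Failed password for invalid user admin from 192.0.2.10 port 40122 ssh2
Jan  5 11:02:15 honeypot1 sshd[2214]: Failed password for invalid user a from 203.0.113.9 port 1 ssh2 from 192.0.2.10 port 40125 ssh2
Jan  5 11:03:40 honeypot1 sshd[2230]: Failed password for root from 198.51.100.7 port 51514 ssh2
Jan  5 11:04:02 honeypot1 sshd[2241]: Failed password for ops from 10.0.0.5 port 33010 ssh2
Jan  5 11:04:09 honeypot1 sshd[2241]: Accepted password for ops from 10.0.0.5 port 33010 ssh2
"""

# The username is chosen by the remote side, so take the LAST "from <addr>" on the
# line (greedy .* plus end anchor); a crafted username cannot then frame another host.
FAILED = re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?.* from (\S+) port \d+ ssh2\s*$")

def count_failures(log_text):
    """Return a Counter of failed-password events keyed by source address."""
    hits = Counter()
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if not m:
            continue
        try:
            hits[ipaddress.ip_address(m.group(1))] += 1
        except ValueError:
            continue  # address field was not a literal IP
    return hits

def advise(log_text, threshold=3, allow=("10.0.0.0/8",), acl=150):
    """Suggest IOS config lines for IPv4 sources at or above the threshold."""
    nets = [ipaddress.ip_network(n) for n in allow]
    ranked = sorted(count_failures(log_text).items(), key=lambda kv: (kv[0].version, int(kv[0])))
    out = []
    for ip, n in ranked:
        # Never suggest blocking allowlisted (own/management) space.
        if n < threshold or ip.version != 4 or any(ip in net for net in nets):
            continue
        out.append(f"access-list {acl} deny ip host {ip} any")
        # A Null0 route drops traffic routed toward the host; dropping by source needs uRPF.
        out.append(f"ip route {ip} 255.255.255.255 Null0")
    return out

if __name__ == "__main__":
    print("\n".join(advise(SAMPLE_LOG)))
```

The output is advice for an operator to review, not configuration to push automatically.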
 
 

