0001716: Auto blocking IP based on SNORT logs - MantisBT Endian Bugtracker
Endian Issue Tracker

ID: 0001716
Project: Endian Firewall
Category: Firewall (iptables)
View Status: public
Date Submitted: 2009-03-30 19:40
Last Update: 2010-07-17 12:19
Reporter: lightningbit
Assigned To:
Priority: normal
Severity: feature
Reproducibility: N/A
Status: new
Resolution: open
Platform:
OS:
OS Version:
Product Version: 2.2-rc3
Target Version:
Fixed in Version:
Summary: 0001716: Auto blocking IP based on SNORT logs
Description:
An optional module which
1/ monitors the SNORT log,
and can take action when it detects certain violations (like a portscan, or a very critical alert/attack is happening)
by automatically blocking (thus adapting the firewall rules) the abusive IP address or even complete CIDR block

2/ Add to that the ability (an extra option) to easily enter a list of CIDR to be blocked proactively (in an easier way than creating firewall rules for every few CIDR blocks)

the 2nd option comes from the need by a lot of people to be able to quickly block e.g. the China, Korean, Nigerian CIDR blocks from a source like this (http://www.okean.com/sinokoreacidr.txt)


it would be great added feature making EFW an even stronger firewall

I would appreciate the feedback on how this feature request will be received/considered

thanks

Additional Information:
IPCOP used to have such a module, called GUARDIAN (not dansguardian), which worked very well for item 1/ above
and I also used it for item 2/
Tags: No tags attached.

Notes
(0003669)
lightningbit (reporter)
2010-01-16 10:34
edited on: 2010-01-16 10:35

more info regarding the requested blocklists:

- I'm talking about a blocklist against incoming attack/abuse/spy attempts

- it would be even nicer, if there would be an option, to integrate with http://iblocklist.com/lists.php where we would be able to enter the URLs of the lists we want to use, and with a button for each list whether we want to blacklist (block) or whitelist them

at this moment, I'm using some of these lists, but then I get a huge long page with firewall rules
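
Added example, not part of the original issue and not Endian or Guardian code: a sketch of item 1/ of the request (Snort alert log in, block decisions out) that emits ipset entries instead of one firewall rule per address, which is the "huge long page with firewall rules" problem from the note above. It assumes Snort's "fast" alert format and that ipset is available on the firewall; the thresholds, set name, protected networks and sample log lines are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Snort "fast" alert: [**] [gid:sid:rev] msg [**] ... [Priority: n] {PROTO} src[:port] -> dst
ALERT_RE = re.compile(
    r"\[\*\*\]\s+\[(?P<gid>\d+):\d+:\d+\]\s+.*?\s+\[\*\*\].*?\[Priority:\s*(?P<prio>\d+)\]"
    r"\s+\{[^}]+\}\s+(?P<src>\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?\s+->")

# Assumed policy values (not from the issue).
PORTSCAN_GID = 122       # generator id of Snort's sfPortscan preprocessor
REPEAT_THRESHOLD = 3     # lower-priority alerts from one source before it is blocked
BLOCK_SECONDS = 3600     # entries expire, so the set does not grow without bound
NEVER_BLOCK = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "127.0.0.0/8")]

# Constructed sample lines using documentation address ranges.
SAMPLE_LOG = [
    "03/30-19:40:01.000001  [**] [122:1:0] (portscan) TCP Portscan [**] [Priority: 3] {PROTO:255} 203.0.113.7 -> 192.0.2.10",
    "03/30-19:41:10.000002  [**] [1:1000001:1] Constructed critical rule [**] [Classification: Misc Attack] [Priority: 1] {TCP} 198.51.100.23:40112 -> 192.0.2.10:445",
    "03/30-19:42:30.000003  [**] [1:1000002:1] Constructed low-severity rule [**] [Priority: 3] {ICMP} 203.0.113.99 -> 192.0.2.10",
    "03/30-19:43:00.000004  [**] [1:1000001:1] Constructed critical rule [**] [Priority: 1] {TCP} 192.0.2.50:5555 -> 192.0.2.10:22",
    "snort: some unrelated log line",
]

def parse_alert(line):
    """Return (src_ip, gid, priority), or None if the line is not a usable alert."""
    m = ALERT_RE.search(line)
    if not m:
        return None
    try:
        src = ipaddress.ip_address(m["src"])
    except ValueError:   # the loose regex also matches e.g. 999.1.1.1
        return None
    return src, int(m["gid"]), int(m["prio"])

def select_blocks(lines):
    """Apply the policy above and return the sorted source IPs to block."""
    counts, blocked = Counter(), set()
    for src, gid, prio in filter(None, map(parse_alert, lines)):
        if any(src in net for net in NEVER_BLOCK):
            continue     # a spoofed or internal source must not lock out our own hosts
        counts[src] += 1
        if prio == 1 or gid == PORTSCAN_GID or counts[src] >= REPEAT_THRESHOLD:
            blocked.add(src)
    return sorted(blocked)

def ipset_commands(ips, name="snort_block"):
    """Render ipset commands; a single iptables rule matching the set covers every entry."""
    cmds = [f"ipset create {name} hash:ip timeout {BLOCK_SECONDS} -exist"]
    return cmds + [f"ipset add {name} {ip} timeout {BLOCK_SECONDS} -exist" for ip in ips]
```

The set is then referenced from one rule, for example iptables -I INPUT -m set --match-set snort_block src -j DROP, so the rule list stays the same length however many addresses are blocked.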

(0004620)
lightningbit (reporter)
2010-07-17 12:19

anyone else any feedback?

Issue History
Date Modified     | Username     | Field         | Change
2009-03-30 19:40  | lightningbit | New Issue     |
2009-03-30 19:40  | lightningbit | Assigned To   | => peter-endian
2009-06-10 12:46  | peter-endian | Assigned To   | peter-endian =>
2010-01-16 10:20  | lightningbit | Note Added    | 0003666
2010-01-16 10:26  | lightningbit | Note Deleted  | 0003666
2010-01-16 10:34  | lightningbit | Note Added    | 0003669
2010-01-16 10:35  | lightningbit | Note Edited   | 0003669
2010-07-17 12:19  | lightningbit | Note Added    | 0004620
