Active Response Examples

In this section, we'll dive into a few juicy examples of using psad in active response mode, and we'll show how it detects and blocks an IP address that is persistently scanning a Linux system with iptables enabled. See the standard network diagram in Figure 8-1 for all of the active response examples in this section. As usual, the firewall runs the default iptables policy built by the iptablesfw script described in "Default iptables Policy" on page 20.

2 The two iptables rules in this case are created through the use of the both directive in the corresponding IPT_AUTO_CHAIN variable (i.e., only a single IPT_AUTO_CHAIN variable is required to create the two rules).

Figure 8-1: Default network diagram

