ybiC has asked for the wisdom of the Perl Monks concerning the following question:

I'd like to use Perl to monitor crack attempts against a Linux host I'm responsible for.

Intended features include: Net::syslog comes to mind for the logging part, but how in the world do you capture unsuccessful connection attempts? Would any senior Monks be willing to point me in a good direction to get started? This is by far the most ambitious Perl I've attempted to date, so any advice or code examples are very welcome.
    cheers,
    ybiC

Replies are listed 'Best First'.
Re: ? monitor unsuccessful connection attempts ?
by mdillon (Priest) on Jul 07, 2000 at 09:01 UTC
    you don't want to write your own software for this. instead, pick up PortSentry.

    it is a package designed to do exactly this. it is not entirely Free Software, but it is free for use and redistribution (unmodified) by corporations (and everyone else).

    for the exclusion by port part, you may want to look at the ipchains package which provides firewalling and masquerading capabilities (ipfwadm under 2.0).

      Thanks a bunch, mdillon - PortSentry is even Debianized!

      Looks like logcheck may give me some trouble as a seriously unstable Debian package, but Potato is expected soon.

      Update: perusing the PortSentry info, looks like it runs a server of sorts that listens on every port you wish to monitor. mdillon was soooo right - I don't want to write it myself. grin
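
The approach noted in the update above, a process that listens on each monitored port and records whoever connects, written in Perl as an added example; it is not part of the thread and is not PortSentry's code. The default port numbers and the `connwatch` syslog tag are assumptions made for illustration.

```perl
#!/usr/bin/perl
# Added example: log every TCP connection made to a set of otherwise
# unused ports. Not PortSentry's implementation.
use strict;
use warnings;
use IO::Socket::INET;
use IO::Select;
use Sys::Syslog qw(:standard);

# Assumption: constructed default ports; pass your own as arguments.
# Binding ports below 1024 requires root.
my @ports = @ARGV ? @ARGV : (2323, 8081);

# 'connwatch' is a hypothetical tag; 'auth' is a standard syslog facility.
openlog('connwatch', 'pid', 'auth');

my $select = IO::Select->new;
for my $port (@ports) {
    my $listener = IO::Socket::INET->new(
        LocalPort => $port,
        Proto     => 'tcp',
        Listen    => 5,
        ReuseAddr => 1,
    ) or die "cannot listen on port $port: $!\n";
    $select->add($listener);
}

# A listening socket only reports completed TCP handshakes, so
# half-open (SYN-only) probes never reach accept() and are not logged.
while (1) {
    for my $listener ($select->can_read) {
        my $client = $listener->accept or next;
        # The peer may already have reset the connection.
        my $peer = $client->peerhost // 'unknown';
        syslog('warning', 'connection attempt from %s to port %d',
               $peer, $listener->sockport);
        close $client;    # record the attempt, send nothing back
    }
}
```

Only list ports that no real service uses, since the bind fails on a port that is already taken.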