BlockHosts

BlockHosts

Infobox_Software
name = BlockHosts
caption = BlockHosts
developer = Avinash Chopde
latest_release_version = 2.4
latest_release_date = June 17, 2008
operating_system = FreeBSD,OpenBSD,NetBSD,DragonflyBSD,Linux
genre = Intrusion prevention
license = Public Domain
website = http://www.aczoom.com/cms/blockhosts

BlockHosts is a Python systemtool for Linux that blocks IP Addresses based on information gleaned fromscanning system logs. It updates a hosts blockfile (such as hosts.deny)automatically, to block IP addresses. It will also expire previouslyblocked addresses based on age of last failed login attempt; this keepsthe blockfile size manageable. Inaddition to hosts.allow TCP wrappers blocking, it can also executeiptables or ip route commands to block all TCP/IP network trafficfrom an address, so all services, even thosethat do not run under TCP wrappers, can be protected.

Also available: an email notification facility, as well as an RSS feed exporting the list of blocked addresses. Contributed extensions include web scripts for intrusion source and location mashup displaying a geographic map of the blocked IP addresses.

The patterns used to scan system logs are extendable; out-of-the-box itcomes with patterns to recognize OpenSSH, ProFTPd, vsftpd,
Pure-FTPd, and a few other services. All these use TCP wrappers,but blockhosts can also be extended to match patterns in non-TCP-wrappers services such as the web server Apache HTTP Server, byblocking IP addresses using null routing or packet filtering techniques.

Operation

When executedblockhosts.py scans a configured list of system log fileslooking for patterns matching undesirable access to theservices running on the computer. A count is kept of the number of timesa source IP address has made such accesses, and when the count exceeds athreshold, that IP address is blocked.blockhosts.py can be executed automatically by using TCP wrappersmechanisms or by using scheduled cron table entries.

Non-TCP-wrappers service can be protected by using ip route null-route or iptables packet filtering based blocking. Just as the blockfile size is managed by expiring old blocked IP addresses, so are the routing table and packet filtering rules pruned on expiry of a blocked IP address. Reboots are also handled automatically - even though on a reboot the routing table or packet filtering rules may be lost, on the first invocation of blockhosts.py after a reboot, all the blocked IP entries will be re-inserted, so nothing special has to be done to handle reboots.

ee also

*IP blocking
*TCP wrapper
*OpenSSH
*Nullroute
*DenyHosts
*Fail2ban

External links

* [http://www.aczoom.com/cms/blockhosts BlockHosts] website, along with contributed utilities


Wikimedia Foundation. 2010.

Игры ⚽ Нужно решить контрольную?

Look at other dictionaries:

  • IP blocking — prevents the connection between a computer or network and certain IP addresses or ranges of addresses. IP blocking effectively bans undesired connections from those computers to a website, mail server, or other Internet server.IP banning is… …   Wikipedia

  • TCP Wrapper — NOTOC Infobox Software name = TCP Wrapper caption = developer = Wietse Venema latest release version = v0.7.6 operating system = Unix like genre = Security license = BSD license website = [ftp://ftp.porcupine.org/pub/security/index.html] TCP… …   Wikipedia

  • DenyHosts — Developer(s) Phil Schwartz Stable release 2.7 / November 11, 2008; 2 years ago (2008 11 11) Written in Python Operatin …   Wikipedia

  • Fail2ban — Infobox Software name = Fail2Ban caption = Fail2Ban developer = Cyril Jaquier latest release version = 0.8.2 latest release date = March 6, 2008 operating system = Linux genre = Intrusion prevention license = GPL v2 website =… …   Wikipedia

  • BruteForceBlocker — Infobox Software name = BruteForceBlocker caption = BruteForceBlocker developer = Daniel Gerzo latest release version = 1.2.3 latest release date = March 6, 2006 operating system = FreeBSD,OpenBSD,NetBSD,DragonflyBSD,Linux genre = Intrusion… …   Wikipedia

  • BlockSSHD — Infobox Software name = BruteForceBlocker caption = BruteForceBlocker developer = James Turnbull latest release version = 1.3 latest release date = June 27, 2008 operating system = Linux genre = Intrusion prevention license = GNU General Public… …   Wikipedia

  • SSHBlock — Infobox Software name = SSHBlock caption = SSHBlock developer = Anders Nordby latest release version = 1.0 latest release date = December 3, 2006 operating system = FreeBSD,OpenBSD,NetBSD,DragonflyBSD,Linux genre = Intrusion prevention license =… …   Wikipedia

  • SSHGuard — Infobox Software name = SSHGuard caption = SSHGuard developer = Michele Mazzucchi latest release version = 1.1 latest release date = July 24, 2008 operating system = FreeBSD,OpenBSD,NetBSD,DragonflyBSD,Linux,Solaris,IBM AIX programming language …   Wikipedia

  • SSHit — Infobox Software name = SSHit caption = SSHit developer = Andreas Pettersson latest release version = 0.6 latest release date = August 22, 2006 operating system = genre = Intrusion prevention license = website = http://anp.ath.cx/sshit/SSHit is a …   Wikipedia

  • DenyHosts — Entwickler Phil Schwartz Aktuelle Version 2.7 (11. November 2008) Betriebssystem Linux/POSIXe mit Firewall Kategorie Intrusion Prevention System …   Deutsch Wikipedia

Share the article and excerpts

Direct link
Do a right-click on the link above
and select “Copy Link”