BLOCKIP

REACTIVE SECURITY

Look in your server logs and see for yourself what's out there trying to get in!
However secure the configuration, most machines have to allow some form of login authentication over a network. Standard system features, or even firewalls with their fixed rules, still leave machines vulnerable to repeated automated attacks from password-cracking probes. If a server has a service on offer, somebody will be trying to break into it.
Mail spammers are an increasing pain. It is essential to block relay features and specific mail addresses, as well as scanning messages for viruses and such. But even so, traffic from repeated attempts to abuse and test mail servers keeps on growing.

Block IP Attacks

We've developed an automated protection tool, BLOCKIP, which looks at standard activity logs and dynamically blocks all IP access for offending remote addresses. To the would-be attacker it looks like the server just went dead - there is nothing there to attack any more, while to everyone else it's business as usual.
BLOCKIP is fully configurable, so that the number of offences can be taken into consideration and the length of the sentence adjusted. It slows the whole process down for those trying to break through the usual security measures, such as standard time delay features that are otherwise easily overcome. It prevents probes from an address testing one service after another.
All our servers are protected with BLOCKIP. Despite the dangers of more than five years of high-profile Internet exposure, our servers have never been compromised in any way.
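
The approach described above (count offences per remote address in the syslog, then set the block length from the count), as an added example that is not BLOCKIP's code or the vendor's. The log lines are constructed OpenSSH-style samples, one of which carries a user name that itself contains an address; THRESHOLD, BASE_BAN, MAX_BAN, ALLOW and the doubling rule are assumptions. It only prints decisions, since the page does not name the commands used to block.

```shell
# Added example, not BLOCKIP code. THRESHOLD, BASE_BAN, MAX_BAN, ALLOW and the
# doubling rule are assumptions chosen for illustration.
THRESHOLD=3          # offences before an address is blocked
BASE_BAN=600         # ban in seconds at exactly THRESHOLD offences
MAX_BAN=86400        # upper bound on any ban
ALLOW="192.0.2.1"    # admin addresses that are never blocked

# Constructed syslog lines; addresses come from the documentation ranges.
sample_log() {
cat <<'EOF'
Mar  3 10:00:01 web1 sshd[411]: Failed password for root from 192.0.2.10 port 4022 ssh2
Mar  3 10:00:03 web1 sshd[411]: Failed password for root from 192.0.2.10 port 4022 ssh2
Mar  3 10:00:05 web1 sshd[412]: Failed password for invalid user admin from 192.0.2.10 port 4023 ssh2
Mar  3 10:00:07 web1 sshd[413]: Failed password for invalid user test from 192.0.2.10 port 4024 ssh2
Mar  3 10:01:00 web1 sshd[420]: Accepted password for alice from 198.51.100.7 port 5000 ssh2
Mar  3 10:01:30 web1 sshd[421]: Failed password for alice from 198.51.100.7 port 5001 ssh2
Mar  3 10:02:00 web1 sshd[430]: Failed password for bob from 203.0.113.5 port 6000 ssh2
Mar  3 10:02:02 web1 sshd[430]: Failed password for bob from 203.0.113.5 port 6000 ssh2
Mar  3 10:02:04 web1 sshd[431]: Failed password for invalid user from 192.0.2.1 from 203.0.113.5 port 6001 ssh2
Mar  3 10:03:00 web1 sshd[440]: Failed password for root from 192.0.2.1 port 7000 ssh2
Mar  3 10:03:02 web1 sshd[440]: Failed password for root from 192.0.2.1 port 7000 ssh2
Mar  3 10:03:04 web1 sshd[440]: Failed password for root from 192.0.2.1 port 7000 ssh2
EOF
}

# Reads log lines on stdin; prints "address offences ban_seconds" for each
# address at or over THRESHOLD. Issuing the block is left to the caller.
blockip_decisions() {
    awk -v thr="$THRESHOLD" -v base="$BASE_BAN" -v max="$MAX_BAN" -v allow="$ALLOW" '
    BEGIN { k = split(allow, a, " "); for (i = 1; i <= k; i++) ok[a[i]] = 1 }
    /Failed password/ {
        ip = ""
        # The user name is free text from the remote side, so use only the
        # last "from <address>" pair on the line.
        for (i = 1; i < NF; i++)
            if ($i == "from" && $(i + 1) ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/)
                ip = $(i + 1)
        if (ip != "" && !(ip in ok)) hits[ip]++
    }
    END {
        for (ip in hits) if (hits[ip] >= thr) {
            ban = base
            for (n = hits[ip]; n > thr && ban < max; n--) ban *= 2
            print ip, hits[ip], (ban > max ? max : ban)
        }
    }' | sort
}

sample_log | blockip_decisions
```

The address 192.0.2.1 reaches the threshold in the sample but is skipped because it is on the ALLOW list, which keeps a log-driven blocker from locking out its own administrators.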
Click to see what IPs we're blocking - addresses that offended this server.

Protect Your Server

An AIX, UNIX or Linux system administrator can set up BLOCKIP and required "syslog" logging in about ten minutes:
A single simple Korn Shell Script, to be invoked from "/etc/inittab"
Configured to monitor AIX "syslog" logs for failed authentications with "ssh", "telnet", "ftp" and "pop3"
Equipped to protect "sendmail" and eliminate traffic from spam mail senders, backing up their relays instead
Includes "named" DNS blocking for unapproved queries and attempted transfers
Apache "httpd" probing and module hacking is also handled by playing dead when missing pages are requested
An integrated pro-active approach that stops attack migration by acting to block offenders across multiple services simultaneously
Easy to extend for other platform specific log entries to detect further events
Standard UNIX commands safely block only offending addresses
Click on the "Order Now" button at the bottom of this page to use our PayPal Shopping Cart facility. When your payment has cleared, we'll email you with the code - usually within one or two days.
We'll automatically add you to our mailing list to receive any later updates for free, along with relevant news flashes for further developments. Income contributes towards the running costs of our ROOTVG and TOPCAT2 web sites.
Note: For non-UNIX type systems, sorry, but this is not the answer - go get UNIX first!

The Bigger Picture

The BLOCKIP tool is just one of a number of solutions we offer for sale - for example:
Manage system logs with LOG-COMPRESS - limit the size with log rotations
File level change control with COPYCHK - report changes made, revert or accept
Automated file transfers with AUTOFTP - ideal to sync cluster configurations
Secure mail relaying with ACCESSRELAY - "POP3 Before SMTP" for "sendmail"
We only sell what we use ourselves - tools that have run our public Internet servers for many years - solutions developed after working with several on-line banks and really secure systems. All designed for AIX on the IBM pSeries platform, but also suitable for Linux and other UNIX type systems, where the Korn Shell is installed.
You can obtain our solutions individually, with no further support, as here for BLOCKIP.
Or for corporate environments, purchase a package of offerings which includes support.
We provide technical and consulting services, including audit review "health-checks".

Legal Notices
You may adapt and customise the BLOCKIP code for your own uses, but you may not re-sell or distribute it or adaptations in any form. You will have a one-time single platform use license - please order another copy for each additional machine to be protected with it. Whilst every effort has been made to ensure the safe functioning of the code, we shall not be liable for any damages resulting directly or indirectly from use or misuse of the code. The code is supplied "as is" with no warranty whatsoever and will be implemented entirely at your own risk. By ordering the code, you agree to these and our other general terms and conditions.