I would really like to see Mint Dev or similar (I cannot) code an app called MintRusion (Mint Intrusion Detection System), using http://www.snort.org, to show intrusions and autoban the intruding IP with ufw or open some GTK alert with something like ...
Snort log:
[**] [1:1256:2] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
03/30-19:35:54.306411 68.153.97.216:4464 -> 192.168.1.1:80
TCP TTL:122 TOS:0x0 ID:2271 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x949963A3 Ack: 0xA3F9CDE1 Win: 0x4510 TcpLen: 20
Alert!
Mintrusion detected %Classification% with Priority %PriorLevel% from %intruder_IP% on %Attacked_IP% !
Options:
[1] Add BAN %
[2] WhoIS %
[3] Ignore %
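
An added example, not part of the original post and not code from Snort or Linux Mint: a sketch of the parsing step the request implies, reading the Snort alert block quoted above, filling in the proposed alert text, and building (without running) the ufw command for option [1]. The function names and the `protected` ranges are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample: the alert block quoted in the post (Snort "full" alert format).
SAMPLE = """\
[**] [1:1256:2] WEB-IIS CodeRed v2 root.exe access [**]
[Classification: Web Application Attack] [Priority: 1]
03/30-19:35:54.306411 68.153.97.216:4464 -> 192.168.1.1:80
TCP TTL:122 TOS:0x0 ID:2271 IpLen:20 DgmLen:112 DF
***AP*** Seq: 0x949963A3 Ack: 0xA3F9CDE1 Win: 0x4510 TcpLen: 20
"""

HEADER = re.compile(r"^\[\*\*\] \[(\d+):(\d+):(\d+)\] (.+?) \[\*\*\]$")
CLASS = re.compile(r"\[Classification: ([^\]]+)\] \[Priority: (\d+)\]")
FLOW = re.compile(r"^\S+ (\d+(?:\.\d+){3})(?::\d+)? -> (\d+(?:\.\d+){3})(?::\d+)?$")

def parse_alerts(text):
    """Return one dict per alert block; blocks missing a flow line are skipped."""
    alerts, cur = [], None
    for line in text.splitlines():
        line = line.strip()
        if m := HEADER.match(line):
            cur = {"sid": int(m[2]), "msg": m[4], "classification": "unknown", "priority": None}
        elif cur is None:
            continue  # packet detail lines outside an open alert block
        elif m := CLASS.search(line):
            cur["classification"], cur["priority"] = m[1], int(m[2])
        elif m := FLOW.match(line):
            cur["src"], cur["dst"] = m[1], m[2]
            alerts.append(cur)
            cur = None
    return alerts

def render(alert):
    """Fill the alert text proposed in the post."""
    return (f"Mintrusion detected {alert['classification']} with Priority "
            f"{alert['priority']} from {alert['src']} on {alert['dst']} !")

def ban_command(alert, protected=("127.0.0.0/8", "192.168.0.0/16")):
    """Build (not run) the ufw argv for option [1]; None if banning would be unsafe."""
    try:
        ip = ipaddress.ip_address(alert["src"])
    except ValueError:
        return None  # log field is not a valid address: never pass it to ufw
    if any(ip in ipaddress.ip_network(n) for n in protected):
        return None  # do not lock out loopback or the local network
    return ["ufw", "deny", "from", str(ip)]
```

Returning an argv list instead of a shell string keeps text taken from the log from being interpreted by a shell, and the protected-range check matters because source addresses in alerts can be spoofed.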