I’ve released a beta of Watcher v0.1. This script monitors a specified message log for connection attempts, and when the number of matching entries from one source exceeds a configurable threshold, Watcher adds that source IP address (or addresses) to iptables so its traffic is dropped at the firewall. This is great for SSH brute-force probes, hosts abusing your nameserver as a DNS reflector, and more. (One caveat for the reflection case: the logged "source" is the spoofed victim address, so the block stops your server from amplifying traffic toward that victim rather than reaching the real attacker.) Rule set matches are fully configurable and include an option to write your own regular expressions for log entries the built-in pattern language cannot match. The default rule sets should work just fine for most setups, however.
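To make the match, count, block loop concrete, here is an added sketch of my own; it is not Watcher's code and does not reflect its internals. It runs two rules over a handful of constructed syslog lines (a default-style sshd rule and a custom regex for a BIND "query denied" line), applies a whitelist so a management host is never blocked, and shows the iptables command a match would produce. The rule names, the threshold of 3, the whitelist network and the log lines are all assumptions for the example.

```python
import ipaddress
import re
import subprocess
from collections import Counter

# Constructed sample log lines for the example (not a real log). The last
# line carries a bogus address to show that garbage is never blocked.
SAMPLE_LOG = """\
Mar  3 10:01:02 host sshd[2011]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2
Mar  3 10:01:05 host sshd[2011]: Failed password for invalid user admin from 203.0.113.7 port 51023 ssh2
Mar  3 10:01:09 host sshd[2013]: Failed password for root from 203.0.113.7 port 51030 ssh2
Mar  3 10:01:40 host sshd[2015]: Failed password for ops from 198.51.100.2 port 40100 ssh2
Mar  3 10:01:44 host sshd[2015]: Failed password for ops from 198.51.100.2 port 40101 ssh2
Mar  3 10:01:49 host sshd[2015]: Failed password for ops from 198.51.100.2 port 40102 ssh2
Mar  3 10:02:30 host named[311]: client 192.0.2.9#4711: query (cache) 'isc.org/ANY/IN' denied
Mar  3 10:02:31 host named[311]: client 192.0.2.9#4712: query (cache) 'isc.org/ANY/IN' denied
Mar  3 10:02:32 host named[311]: client 192.0.2.9#4713: query (cache) 'isc.org/ANY/IN' denied
Mar  3 10:02:33 host named[311]: client 192.0.2.9#4714: query (cache) 'isc.org/ANY/IN' denied
Mar  3 10:03:00 host sshd[2031]: Failed password for root from not-an-ip port 1 ssh2
"""

# Hypothetical rule set: each rule is a regex with a named group "ip".
RULES = {
    "sshd_failed_password": re.compile(
        r"sshd\[\d+\]: Failed password for .* from (?P<ip>\S+) port \d+"),
    "named_query_denied": re.compile(
        r"named\[\d+\]: client (?P<ip>[0-9A-Fa-f.:]+)#\d+: query .* denied"),
}

# Assumed whitelist: networks that must never be blocked, e.g. your own
# management hosts, so a typo'd password cannot lock you out.
WHITELIST = {ipaddress.ip_network("198.51.100.0/24")}


def count_matches(lines, rules=RULES):
    """Count matching lines keyed by (rule name, source IP).

    A captured address that does not parse as an IP is dropped: it cannot
    be blocked, and passing it to iptables would be an injection risk.
    """
    hits = Counter()
    for line in lines:
        for name, pattern in rules.items():
            m = pattern.search(line)
            if not m:
                continue
            try:
                ip = ipaddress.ip_address(m.group("ip"))
            except ValueError:
                continue
            hits[(name, str(ip))] += 1
    return hits


def is_whitelisted(ip, whitelist=WHITELIST):
    """True if ip falls inside any whitelisted network."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in whitelist)


def offenders(hits, threshold):
    """Sorted (ip, rule, count) for sources that reached the threshold
    on any single rule and are not whitelisted."""
    return sorted(
        (ip, name, n)
        for (name, ip), n in hits.items()
        if n >= threshold and not is_whitelisted(ip)
    )


def iptables_cmd(ip):
    """argv for the block rule; -I inserts at the head of INPUT so the
    DROP wins over any later ACCEPT rule."""
    return ["iptables", "-I", "INPUT", "-s", ip, "-j", "DROP"]


def block(ip, dry_run=True):
    """Apply (or, by default, only render) the block for one address.
    Running for real needs root and a host where iptables exists."""
    cmd = iptables_cmd(ip)
    if not dry_run:
        subprocess.run(cmd, check=True)
    return " ".join(cmd)


if __name__ == "__main__":
    counts = count_matches(SAMPLE_LOG.splitlines())
    for ip, rule, n in offenders(counts, threshold=3):
        print(f"{ip}: {n} x {rule} -> {block(ip)}")
```

With the constructed input, 203.0.113.7 (three sshd failures) and 192.0.2.9 (four denied queries) are blocked, 198.51.100.2 reaches the threshold but is spared by the whitelist, and the "not-an-ip" line is ignored. A real daemon would tail the log continuously and age counts out over a time window; this sketch only scores a fixed batch of lines.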
Currently, Watcher only works on a fairly modern Linux distro; FreeBSD ipfw and OpenBSD pf support is forthcoming. There are a few other requirements. Keep reading to find out what they are, and how to obtain, install, and use the script!


