07-20-2015 08:46 PM
I know there is like brute-force category, where some may have it automatically block the IP for some duration.
I was wondering if there is a way to block IP for x duration if they were doing like a scan against your system, trying multiple vulnerabilities, sometimes the same ones, sometimes moving down the list depending the type of scan.
Like for example, bash vulnerability x5 attempts, I would like to auto ban this guy for 24 hours or something. But if they do it only 3 times, then try like http, cross scripting, ini files, etc, going down their list, how do I auto block those?
Obviously if they trigger like 5 of them in x time period, they are malicious.
Would DoS and Zone protection play into this somehow or something else?
Thanks.
