Intruder Detection and Blocking
Intruder Detection and Blocking (IDB) operates by offering a number of services to the outside
world, which are then monitored for connection attempts. Remote machines that attempt to connect
to these services generate a system log entry providing details of the access attempt and then the
access attempt is categorically denied. Since network scans are often a prelude to a concerted
attempt to compromise a host, the ability to deny all access from hosts that have attempted to scan
monitored ports is also available. Select one or both of the block options to enable this facility and
such hosts will be automatically blocked once detected.
Firewall
Figure 6.6 Intruder Detection and Blocking configuration
62