Brutus IPS

This is a homegrown Intrusion Prevention System I’ve called Brutus. It is based on Linux Portsentry: a given server listens on its standard ports (say, 80 and 443), while Portsentry listens on all other ports. When one of those other ports is touched (always the result of a portscan), Portsentry executes Brutus scripts, which instruct the firewall to null-route the offending IP. Brutus was designed for pfSense, but it works with ZyWALL and any other firewall that supports SSH, SSH keys, and setting a null route via remote command.

Part of the Brutus Project, this article goes over Brutus client servers, so that you can run one main Brutus server and have all the other servers in your network send it commands remotely.

Part of the Brutus Project, this article goes over the main Linux server running Portsentry and Brutus.

Part of the Brutus Project, this article goes over firewall placement and configuration highlights.

Brutus is the name of a series of scripts that allows Portsentry to work with your firewall, helping to prevent would-be attackers from penetrating your network.