CSE361 -- Fall 2017

Modular Intrusion Prevention System

Intrusion Prevention Systems are part of the defense-in-depth strategy of computing systems. One popular Intrusion Prevention System is fail2ban, which monitors failed authentication attempts and temporarily blocks traffic from IP addresses whose failures exceed a configurable number. For example, fail2ban can block all traffic from an IP address if that IP address tried to log in more than 10 times in one minute.

In this project, you will create a modular alternative to fail2ban that can track failed authentication attempts for SSH and for the administrative panels of Joomla, WordPress, and phpMyAdmin. Your tool should also have a web interface that an administrator can use to change the configured thresholds (X requests in Y minutes, blocked for Z time), view which clients and IP addresses are currently blacklisted, and remove blacklisted IP addresses.
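
The threshold rule above (more than X failures in Y minutes, blocked for Z), sketched as an added example that is not part of the original assignment. It covers only the SSH log source and the counting logic; the names `FailureTracker`, `feed` and `SAMPLE` are hypothetical, the log lines are constructed, and applying the block (for instance a firewall rule) is left out.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Failure line written by OpenSSH's sshd to the auth log.
SSH_FAIL = re.compile(r"Failed password for (?:invalid user )?\S+ from (\S+) port \d+")

class FailureTracker:
    """Ban an IP with more than X failures inside window Y, for duration Z."""
    def __init__(self, max_failures, window, ban_time):
        self.max_failures, self.window, self.ban_time = max_failures, window, ban_time
        self.failures = defaultdict(deque)   # ip -> timestamps of recent failures
        self.banned = {}                     # ip -> time the ban expires

    def is_banned(self, ip, now):
        expiry = self.banned.get(ip)
        if expiry is not None and now >= expiry:
            del self.banned[ip]              # ban has lapsed
            return False
        return expiry is not None

    def record_failure(self, ip, now):
        """Return True when this failure newly bans the IP."""
        if self.is_banned(ip, now):
            return False
        recent = self.failures[ip]
        recent.append(now)
        while now - recent[0] >= self.window:   # drop failures outside the window
            recent.popleft()
        if len(recent) <= self.max_failures:
            return False
        self.banned[ip] = now + self.ban_time
        del self.failures[ip]
        return True

def feed(tracker, lines, year=2017):
    """Process syslog-style lines; return the IPs banned along the way."""
    newly_banned = []
    for line in lines:
        m = SSH_FAIL.search(line)
        if m:
            # Syslog timestamps carry no year, so one is assumed.
            now = datetime.strptime(f"{year} {line[:15]}", "%Y %b %d %H:%M:%S")
            if tracker.record_failure(m.group(1), now):
                newly_banned.append(m.group(1))
    return newly_banned

# Constructed sample log (documentation-range addresses), not real traffic.
SAMPLE = [f"Oct 12 10:00:{s:02d} host sshd[411]: Failed password for root "
          f"from 203.0.113.7 port 50122 ssh2" for s in (1, 5, 9, 14)]
SAMPLE.append("Oct 12 10:00:20 host sshd[412]: Accepted password for alice "
              "from 198.51.100.20 port 50200 ssh2")
```

Because the window slides, failures spaced further apart than Y never accumulate, and a ban expires on its own once Z has passed.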