Automatically add attacks to deny list?

Ed Stover estover at nativenerds.com
Mon Dec 5 10:34:28 PST 2005


Nicolas Blais wrote:
> Hi,
> 
> Whenever someone tries a portscan or http server vulnerability scan on my 
> system, I have to manually add their ip in my /etc/ipfw.conf file such as:
> add 100 deny all from xx.xxx.xxx.xxx to any
> 
> Is there a way, without enabling blackhole, to dynamically add ips to my 
> blacklist after a certain packet/sec limit or some other way?
> 
> Thanks,
> Nicolas.

Portsentry is probably your best bet. It is probably the easiest 
effective security tool I have used for doing things of this nature. It 
will detect port scanning and utilize tcp wrappers to block the 
offending IP. Installation is a breeze, it's in the security section of ports!
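Added example, not part of either message above: a small Python script that
does the "detect a scan, then ban the source" step the question asks about
using ipfw's own logging instead of a third-party tool. It parses the syslog
lines that ipfw's "log" keyword produces, flags any source that touched at
least N distinct destination ports, skips an allow list so you cannot ban your
own hosts, and prints the "ipfw table" commands that would feed an existing
rule such as "deny ip from table(1) to any". The log lines, addresses,
threshold and table number are all constructed or assumed here; the rule
number 200 is arbitrary.

```python
import re
from collections import defaultdict

# Constructed sample log lines in the format the ipfw kernel module writes to
# syslog for a rule carrying the "log" keyword:
#   ipfw: <rule> <action> <proto> <src>:<sport> <dst>:<dport> in via <iface>
# Addresses are from documentation ranges; 198.51.100.7 plays the scanner.
SAMPLE_LOG = """\
Dec  5 10:30:01 host kernel: ipfw: 200 Deny TCP 198.51.100.7:40001 203.0.113.10:21 in via em0
Dec  5 10:30:01 host kernel: ipfw: 200 Deny TCP 198.51.100.7:40002 203.0.113.10:22 in via em0
Dec  5 10:30:01 host kernel: ipfw: 200 Deny TCP 198.51.100.7:40003 203.0.113.10:23 in via em0
Dec  5 10:30:02 host kernel: ipfw: 200 Deny TCP 198.51.100.7:40004 203.0.113.10:25 in via em0
Dec  5 10:30:02 host kernel: ipfw: 200 Deny TCP 198.51.100.7:40005 203.0.113.10:110 in via em0
Dec  5 10:30:02 host kernel: ipfw: 200 Deny TCP 198.51.100.7:40006 203.0.113.10:143 in via em0
Dec  5 10:30:05 host kernel: ipfw: 200 Deny TCP 198.51.100.20:51000 203.0.113.10:80 in via em0
Dec  5 10:30:06 host kernel: ipfw: 200 Deny TCP 198.51.100.20:51001 203.0.113.10:80 in via em0
Dec  5 10:30:07 host kernel: ipfw: 200 Deny TCP 198.51.100.20:51002 203.0.113.10:80 in via em0
Dec  5 10:30:09 host kernel: ipfw: 200 Deny UDP 192.0.2.33:5353 203.0.113.10:53 in via em0
Dec  5 10:30:09 host kernel: ipfw: 200 Deny TCP 192.0.2.33:33000 203.0.113.10:443 in via em0
Dec  5 10:30:11 host kernel: ipfw: 200 Deny ICMP:8.0 192.0.2.33 203.0.113.10 in via em0
"""

# Only TCP/UDP lines carry ports; ICMP lines (no ":port") are skipped on purpose.
LOG_RE = re.compile(
    r"ipfw: (?P<rule>\d+) (?P<action>\w+) (?P<proto>TCP|UDP) "
    r"(?P<src>\d+\.\d+\.\d+\.\d+):(?P<sport>\d+) "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+):(?P<dport>\d+) in via (?P<iface>\S+)"
)


def parse_ipfw_log(text):
    """Return a list of (source_ip, destination_port) tuples from ipfw log text."""
    events = []
    for line in text.splitlines():
        m = LOG_RE.search(line)
        if m:
            events.append((m.group("src"), int(m.group("dport"))))
    return events


def find_scanners(events, port_threshold=5, allow=()):
    """Sources that probed at least `port_threshold` distinct ports.

    Repeated hits on one port (e.g. a misbehaving client retrying port 80) do
    not count as a scan; `allow` lists addresses that are never returned so a
    management host or monitoring box cannot be locked out.
    """
    ports_by_src = defaultdict(set)
    for src, dport in events:
        ports_by_src[src].add(dport)
    return sorted(
        src
        for src, ports in ports_by_src.items()
        if len(ports) >= port_threshold and src not in set(allow)
    )


def ipfw_table_commands(scanners, table=1):
    """Commands that add each scanner to an ipfw lookup table (table number assumed).

    A single static rule like `ipfw add 100 deny ip from table(1) to any`
    then blocks every address in the table without editing /etc/ipfw.conf.
    """
    return [f"ipfw table {table} add {ip}" for ip in scanners]


if __name__ == "__main__":
    scanners = find_scanners(parse_ipfw_log(SAMPLE_LOG), allow=["203.0.113.10"])
    for cmd in ipfw_table_commands(scanners):
        print(cmd)
```

In practice this would run from a cron job or a syslog pipe over the last few
minutes of the log, and you would also want an expiry for table entries so a
dynamic address that was briefly used for a scan does not stay banned forever.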
