NoNox is intended to help automate the defense of
Internet servers against attacks such as
dictionary login attacks. NoNox monitors log files
for user-specified trigger patterns. When a
pattern is seen enough times in a given file
within a given period of time, NoNox will execute
a command. The patterns, time limits, files to
watch, and commands are all user-specified. For
example, if NoNox sees too many failed login
attempts from one IP address, it could execute a
command that tells a firewall to drop packets from
that host, instantly cutting off the attacker.
