Hi Guys,

I am in the middle of writing a script that takes the IP addresses that are trying to brute force access to my servers, as detected by the sshdfilter script, and ‘shuns’ them on my Cisco firewall. I was contemplating appending the IP addresses to an HTML page in real time and was wondering if anyone else would be interested in the data?

I would also be interested in receiving data from other users of PLUG on who is attacking their networks so that I can proactively block them from mine before they have a chance to cause trouble. What do you guys think about this? Is it worth the trouble or would it cause problems that I am not seeing? I suppose if someone maliciously posted an AOL proxy IP or another like that it would cause problems.

I was also wondering if any of you are blocking the IP classes of China and other countries where it seems most of these attacks are originating. I am receiving these SSH brute force attacks at an increasing rate, several a night, and am just looking for ways to be proactive and not reactive to each attack.

Thanks,
Mark
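
Added example, not part of the original post and not Mark's script: one way to vet a shared attacker list before shunning, so that a maliciously submitted shared-proxy address is not blocked. The reporter names, the never-block ranges, the two-reporter quorum and the sample reports are constructed assumptions, and it assumes the firewall takes one `shun <ip>` line per address.

```python
import ipaddress
from collections import defaultdict

# Constructed placeholders: ranges that must never be shunned
# (own LAN, a shared proxy pool). Documentation ranges stand in for real ones.
NEVER_BLOCK = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "198.51.100.0/24")]
QUORUM = 2  # assumption: distinct outside reporters needed before acting

# Constructed sample reports: (reporter, address as submitted)
SAMPLE_REPORTS = [
    ("local", "203.0.113.7"),
    ("peer-a", "203.0.113.9"), ("peer-b", "203.0.113.9"),
    ("peer-a", "192.0.2.55"), ("peer-a", "192.0.2.55"),
    ("peer-a", "198.51.100.20"), ("peer-b", "198.51.100.20"),
    ("peer-b", "127.0.0.1"), ("peer-b", "not-an-ip"),
]

def vet_reports(reports, own_reporter="local"):
    """Return (accepted addresses, {rejected address: reason})."""
    seen_by, rejected = defaultdict(set), {}
    for reporter, raw in reports:
        try:
            ip = ipaddress.ip_address(raw.strip())
        except ValueError:
            rejected[raw] = "not an IP address"
            continue
        if ip.is_loopback or ip.is_multicast or ip.is_unspecified or ip.is_link_local:
            rejected[str(ip)] = "not a routable host address"
        elif any(ip.version == net.version and ip in net for net in NEVER_BLOCK):
            rejected[str(ip)] = "in never-block list"
        else:
            seen_by[ip].add(reporter)  # a set, so repeats by one reporter count once
    accepted = []
    for ip, reporters in seen_by.items():
        # Locally observed attackers are trusted; shared data needs a quorum.
        if own_reporter in reporters or len(reporters) >= QUORUM:
            accepted.append(ip)
        else:
            rejected[str(ip)] = "below reporter quorum"
    accepted.sort(key=lambda ip: (ip.version, int(ip)))
    return accepted, rejected

def shun_commands(addresses):
    """Render one 'shun <ip>' line per vetted address."""
    return [f"shun {ip}" for ip in addresses]

if __name__ == "__main__":
    ok, dropped = vet_reports(SAMPLE_REPORTS)
    print("\n".join(shun_commands(ok)))
    for addr, why in dropped.items():
        print(f"# skipped {addr}: {why}")
```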