Douglas Muth on 24 Jul 2007 18:34:00 -0000



Re: [PLUG] ssh brute force attacks & real time offending IP lists

  • From: "Douglas Muth" <doug.muth@gmail.com>
  • To: "Philadelphia Linux User's Group Discussion List" <plug@lists.phillylinux.org>
  • Subject: Re: [PLUG] ssh brute force attacks & real time offending IP lists
  • Date: Tue, 24 Jul 2007 14:33:53 -0400
  • Reply-to: Philadelphia Linux User's Group Discussion List <plug@lists.phillylinux.org>
  • Sender: plug-bounces@lists.phillylinux.org

On 7/24/07, Mark Baker <mark.baker@hxti.com> wrote:

> I am in the middle of writing a script that takes the IP addresses that are trying to brute force access to my servers, as detected by the sshdfilter script, and 'shuns' them on my Cisco firewall. I was contemplating appending the IP addresses to an HTML page in real time and was wondering if anyone else would be interested in the data?


Since I imagine the data would be short-lived (hours to days), why not put those addresses into DNS and create a DNSBL out of it? It might be a useful complement to the Spamhaus XBL (http://www.spamhaus.org/xbl/).

-- Doug
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug
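
An added example, not part of the original message or of any script mentioned in the thread: one way to turn a list of offending addresses into short-lived DNSBL records, using the reversed-address naming and the 127.0.0.2 answer described in RFC 5782. The zone name, TTL, expiry window, `never_list` parameter and sample sightings are all assumptions constructed for illustration.

```python
import ipaddress

ZONE = "sshbl.example.org"   # hypothetical zone name
LISTED = "127.0.0.2"         # conventional "listed" answer (RFC 5782)

def dnsbl_name(ip, zone=ZONE):
    """Query name for an address: reversed octets (IPv4) or reversed
    nibbles (IPv6), followed by the blocklist zone."""
    rev = ipaddress.ip_address(ip).reverse_pointer
    labels = rev.rsplit(".", 2)[0]       # drop in-addr.arpa / ip6.arpa
    return f"{labels}.{zone}"

def build_records(sightings, now, max_age=86400, ttl=300, never_list=()):
    """Turn (ip, last_seen_epoch) pairs into zone-file lines.
    Stale entries expire, malformed fields are skipped, and addresses in
    never_list (e.g. your own networks) are never published."""
    latest = {}
    for raw_ip, seen in sightings:
        try:
            addr = ipaddress.ip_address(raw_ip.strip())
        except ValueError:
            continue                     # malformed log field
        if any(addr in net for net in never_list):
            continue                     # protect trusted ranges
        if now - seen > max_age:
            continue                     # the data is short-lived
        latest[addr] = max(seen, latest.get(addr, 0))
    records = []
    for addr in sorted(latest, key=lambda a: (a.version, int(a))):
        name = dnsbl_name(str(addr))
        # A low TTL lets a delisted address drop out of resolver caches quickly.
        records.append(f"{name}. {ttl} IN A {LISTED}")
        records.append(f'{name}. {ttl} IN TXT "ssh brute force, '
                       f'last seen {latest[addr]}"')
    return records

# Constructed sample input (documentation address ranges, fake timestamps).
SIGHTINGS = [
    ("192.0.2.10", 1000), ("192.0.2.10", 5000), ("203.0.113.7", 100),
    ("198.51.100.5", 5000), ("not-an-ip", 5000), ("2001:db8::1", 5500),
]
OWN_NETS = [ipaddress.ip_network("198.51.100.0/24")]  # assumed trusted range

if __name__ == "__main__":
    for line in build_records(SIGHTINGS, now=90000, never_list=OWN_NETS):
        print(line)
```
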