sean finney on 24 Jul 2007 18:55:44 -0000

On Tuesday 24 July 2007 08:33:53 pm Douglas Muth wrote:
> On 7/24/07, Mark Baker <mark.baker@hxti.com> wrote:
> > I am in the middle of writing a script that takes the ip addresses that
> > are trying to brute force access to my servers, as detected by the
> > sshdfilter script, and 'shuns' them on my Cisco firewall. I was
> > contemplating appending the ip addresses to an html page in real time and
> > was wondering if anyone else would be interested in the data?
>
> Since I imagine the data would be short-lived (hours to days), why not
> put those addresses into DNS and create a DNSBL out of it? It might
> be a useful complement to the Spamhaus XBL
> (http://www.spamhaus.org/xbl/)

however, keep in mind that this (and even my suggestion to a lesser degree) opens up some potential security/DDOS issues. for example, if you base your access control list on data someone else is providing, it's possible that either directly (feeding fake data) or indirectly (connection spoofing) a mean person could put your own network blocks into said list, causing some grief :)

sean

Attachment: signature.asc

___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug
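
One way to guard against the list poisoning described in the message above, as an added example that is not part of the original thread: vet every entry from a third-party feed against a local never-block list before it reaches the firewall. The protected ranges, prefix limits, function names and sample feed are assumptions constructed for illustration.

```python
import ipaddress

# Hypothetical local policy: networks that must never be shunned, whatever a
# feed or log parser reports (constructed values, documentation ranges).
PROTECTED = [ipaddress.ip_network(n) for n in (
    "192.0.2.0/24",      # our own public block (constructed)
    "10.0.0.0/8",        # internal address space
    "198.51.100.53/32",  # upstream resolver (constructed)
)]
MIN_PREFIX = {4: 24, 6: 48}  # refuse feed entries broader than this

# Constructed sample feed: some plausible entries, some poisoned or malformed.
SAMPLE_FEED = ["203.0.113.7", "192.0.2.10", "0.0.0.0/0", "203.0.113.0/24",
               "not-an-ip", "10.1.2.3", "2001:db8::1"]


def vet_entry(raw, source):
    """Return (network, None) if safe to shun, else (None, reason)."""
    try:
        net = ipaddress.ip_network(raw.strip(), strict=False)
    except ValueError:
        return None, f"{source}: unparseable entry {raw!r}"
    if net.prefixlen < MIN_PREFIX[net.version]:
        return None, f"{source}: {net} is broader than policy allows"
    for keep in PROTECTED:
        if net.version == keep.version and net.overlaps(keep):
            return None, f"{source}: {net} overlaps protected {keep}"
    return net, None


def build_shun_list(feed, source="feed"):
    """Split feed entries into networks to shun and rejections to log."""
    accepted, rejected = set(), []
    for raw in feed:
        net, reason = vet_entry(raw, source)
        if net is not None:
            accepted.add(net)
        else:
            rejected.append(reason)
    return sorted(accepted, key=lambda n: (n.version, n)), rejected


if __name__ == "__main__":
    shun, dropped = build_shun_list(SAMPLE_FEED, source="example-dnsbl")
    print("shun:", [str(n) for n in shun])
    for line in dropped:
        print("rejected:", line)
```

Rejected entries are worth logging and alerting on: a feed that starts listing your own address space is itself a sign the data source is being manipulated.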