nanog mailing list archives

RE: Auto ACL blocker


From: "Mark Scholten" <mark () streamservice nl>
Date: Wed, 19 Jan 2011 00:35:15 +0100

From: Larry Smith [mailto:lesmith () ecsis net]
Sent: Tuesday, January 18, 2011 8:32 PM

On Tue January 18 2011 13:12, Brian R. Watters wrote:
We are looking for the following solution.

Honey pot that collects attacks against SSH/FTP and so on

Said attacks are then sent to a master ACL on an edge Cisco router to block all traffic from these offenders ..

Of course we would require a master whitelist as well so as to not be blocked from our own networks.

Any current solutions or ideas ??

Private BGP session with Zebra or Quagga on a linux box
adding the selected IP to a null route.

As we currently do it by putting new rules automatically in firewalls (iptables) it should be easy to change it a 
little bit I think. After the change it should be able to put rules in Zebra/Quagga (or something similar based on 
Linux/Unix). As long as telnet access is available it should also be doable to put it automatically in routers without 
the need of a setup with BGP and Zebra/Quagga.

We are currently looking for ways to increase the list with "abusive" systems to block.

If someone wants to work together with us on increasing the mentioned options, feel free to contact me offlist. How we 
get the data currently (from multiple sources) or how the process currently works isn't something I can currently 
mention here (at least not the details).

Regards, Mark
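The pieces the thread describes (a honeypot log as the source of offenders, a mandatory whitelist for your own networks, and either a null route on a Quagga/Zebra box or an ACL on the edge router as the enforcement point) fit together in a short pipeline. The following is an added illustration, not code from anyone in this thread: it assumes sshd-style "Failed password" log lines (the sample lines and RFC 5737 addresses are constructed), a whitelist in CIDR form, and a failure threshold before an address is listed. It emits Zebra static null routes for the Linux-box approach and a Cisco extended ACL for the router approach; redistributing the null routes into the private BGP session is left to the routing config.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample: sshd-style auth log lines as a honeypot would record them.
# Addresses are from the RFC 5737 documentation ranges; this is not real data.
SAMPLE_LOG = """\
Jan 18 20:31:02 honey sshd[4121]: Failed password for invalid user admin from 203.0.113.5 port 51022 ssh2
Jan 18 20:31:03 honey sshd[4121]: Failed password for invalid user admin from 203.0.113.5 port 51023 ssh2
Jan 18 20:31:05 honey sshd[4121]: Failed password for root from 203.0.113.5 port 51024 ssh2
Jan 18 20:31:07 honey sshd[4130]: Failed password for root from 198.51.100.77 port 40100 ssh2
Jan 18 20:31:09 honey sshd[4130]: Failed password for root from 198.51.100.77 port 40101 ssh2
Jan 18 20:31:10 honey sshd[4130]: Failed password for root from 198.51.100.77 port 40102 ssh2
Jan 18 20:31:12 honey sshd[4133]: Failed password for oracle from 192.0.2.9 port 2222 ssh2
Jan 18 20:31:15 honey sshd[4140]: Accepted publickey for ops from 198.51.100.10 port 2200 ssh2
"""

# The "master whitelist" from the thread: our own networks (constructed value),
# which must never end up in a null route or deny entry, whatever the logs say.
WHITELIST = ["198.51.100.0/24"]

# Matches the sshd failure message for both known and "invalid user" accounts.
FAILED_RE = re.compile(
    r"Failed password for (?:invalid user )?\S+ from (\d+\.\d+\.\d+\.\d+) port"
)


def count_failures(log_text):
    """Count failed SSH logins per source address."""
    hits = Counter()
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            hits[m.group(1)] += 1
    return hits


def is_whitelisted(ip, whitelist):
    """True if ip falls inside any whitelisted CIDR block."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(net, strict=False) for net in whitelist)


def build_blocklist(log_text, whitelist, threshold=3):
    """Sorted offender IPs: at least `threshold` failures and not whitelisted.

    The whitelist check is applied here, before any config is rendered, so a
    noisy log line from our own range can never reach the router.
    """
    hits = count_failures(log_text)
    return sorted(
        ip for ip, n in hits.items()
        if n >= threshold and not is_whitelisted(ip, whitelist)
    )


def quagga_null_routes(ips):
    """Zebra static routes to Null0, one /32 per offender (the null-route approach)."""
    return [f"ip route {ip}/32 Null0" for ip in ips]


def cisco_acl(ips, name="AUTO-BLOCK"):
    """Cisco IOS extended ACL: deny each offender, then permit everything else."""
    lines = [f"ip access-list extended {name}"]
    lines += [f" deny ip host {ip} any" for ip in ips]
    lines.append(" permit ip any any")
    return lines


if __name__ == "__main__":
    offenders = build_blocklist(SAMPLE_LOG, WHITELIST)
    print("\n".join(quagga_null_routes(offenders)))
    print("\n".join(cisco_acl(offenders)))
```

With the sample above, 203.0.113.5 crosses the threshold and is listed; 198.51.100.77 also has three failures but sits in the whitelisted range and is dropped; 192.0.2.9 has a single failure and is ignored. Rendering the ACL in full each run (rather than appending deny lines) keeps the trailing `permit ip any any` in place and makes the applied state reproducible from the log and whitelist alone.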


