Full Disclosure mailing list archives
Re: Compromised host list - some clarification...
From: Dean Pierce <piercede () pdx edu>
Date: Tue, 21 Feb 2006 10:06:50 -0800
If you need to protect your ssh from scanners, wouldn't it prolly just be best to block people that are actually scanning you? I use the denyhosts script (watches logs for failed login attempts, and blocks IPs based on that), and there are a couple other good ones.

The two main problems with your solution are:

1. how can you trust some magical offsite list so much that you are willing to block traffic based on what it says?
2. how can you believe that such a list would ever be complete, or even thorough? New machines get taken over all the time, and my guess is that the average lifespan of such machines is about a week or so before an admin sees what's going on.

- DEAN

James Lay wrote:
> So ok.....I'm completely positive I didn't make myself clear at all in my previous message...go me! Here's a web site that I did manage to find that has a current list of open proxies:
>
> http://www.samair.ru/proxy/index.htm
>
> My hope is that I could find a site that has a list of currently reported open proxies, scanners, and ssh brute force boxes. The RBL's pretty much have smtp covered. I would run a cron job at midnight, wget and grep the file, then create an iptables table to block those hosts. This is an attempt to be more proactive than reactive...if I knew those hosts that were actively doing naughty things, why not block them at the get go? Does this make sense? Am I barking up the wrong tree? Thanks all =)
>
> James
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
Attachment:
signature.asc
Description: OpenPGP digital signature
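
An added example (not part of the original message, and not DenyHosts' own code) of the log-watching approach described in the reply above: it counts failed sshd logins per source address inside a sliding window and returns the addresses to block. The log lines, threshold, window and function name are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Anchor on the end of the line: the username is chosen by the remote client,
# so only the trailing "from <ip> port <n>" written by sshd itself is trusted.
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for .* from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+(?: ssh2)?$"
)

def hosts_to_block(lines, threshold=3, window=timedelta(minutes=10),
                   allow=frozenset(), year=2006):
    """Return IPs with >= threshold failed logins inside one sliding window."""
    recent = defaultdict(deque)   # ip -> timestamps of its recent failures
    blocked = []
    for line in lines:
        m = FAILED.match(line.rstrip("\n"))
        if not m or m["ip"] in allow or m["ip"] in blocked:
            continue
        # syslog timestamps carry no year, so the caller supplies one
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        q = recent[m["ip"]]
        q.append(ts)
        while ts - q[0] > window:   # drop failures older than the window
            q.popleft()
        if len(q) >= threshold:
            blocked.append(m["ip"])
    return blocked

# Constructed sample log (documentation address ranges, not real hosts).
SAMPLE = [
    "Feb 21 09:58:01 host sshd[4101]: Failed password for root from 203.0.113.9 port 40112 ssh2",
    "Feb 21 09:58:03 host sshd[4103]: Failed password for invalid user admin from 203.0.113.9 port 40115 ssh2",
    "Feb 21 09:58:04 host sshd[4104]: Accepted password for dean from 192.0.2.10 port 51000 ssh2",
    # username crafted to contain a fake "from <ip>": must not count against 192.0.2.10
    "Feb 21 09:58:06 host sshd[4105]: Failed password for invalid user x from 192.0.2.10 port 1 ssh2 from 203.0.113.9 port 40120 ssh2",
    "Feb 21 09:59:00 host sshd[4110]: Failed password for dean from 198.51.100.7 port 52000 ssh2",
    "Feb 21 11:30:00 host sshd[4200]: Failed password for dean from 198.51.100.7 port 52010 ssh2",
    "Feb 21 11:31:00 host sshd[4201]: Failed password for dean from 198.51.100.7 port 52011 ssh2",
]

if __name__ == "__main__":
    print(hosts_to_block(SAMPLE))
```

The allow set keeps a known-good address from being locked out by its own typos, and the returned list is what a wrapper would feed to the firewall.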