nanog mailing list archives

RE: Auto ACL blocker

From: Ronald Bonica <rbonica () juniper net>
Date: Tue, 18 Jan 2011 14:55:28 -0500

Brian,

Have you thought about what a bad guy might do if he knew that you had such a policy deployed? Is there a way that the 
bad guy might turn the policy against you?

                                                     Ron

-----Original Message-----
From: Brian R. Watters [mailto:brwatters () absfoc com]
Sent: Tuesday, January 18, 2011 2:12 PM
To: nanog () nanog org
Subject: Auto ACL blocker

We are looking for the following solution.

Honey pot that collects attacks against SSH/FTP and so on

Said attacks are then sent to a master ACL on a edge Cisco router to
block all traffic from these offenders ..

Of course we would require a master whitelist as well as to not be
blocked from our own networks.

Any current solutions or ideas ??

--

BRW

Current thread:

Auto ACL blocker Brian R. Watters (Jan 18)
- RE: Auto ACL blocker Guerra, Ruben (Jan 18)
- Re: Auto ACL blocker Roland Dobbins (Jan 18)
- Re: Auto ACL blocker Greg Whynott (Jan 18)
- Re: Auto ACL blocker Larry Smith (Jan 18)
  - RE: Auto ACL blocker Mark Scholten (Jan 18)
- RE: Auto ACL blocker Thomas Magill (Jan 18)
- RE: Auto ACL blocker Ronald Bonica (Jan 18)
  - Re: Auto ACL blocker Brian R. Watters (Jan 18)
- Re: Auto ACL blocker Joe Blanchard (Jan 18)
  - Re: Auto ACL blocker Brian R. Watters (Jan 18)
- RE: Auto ACL blocker Thomas Magill (Jan 18)
  - Re: Auto ACL blocker ML (Jan 18)
    - RE: Auto ACL blocker Thomas Magill (Jan 18)
    - RE: Auto ACL blocker Thomas Magill (Jan 18)
- <Possible follow-ups>
- Re: Auto ACL blocker Brian R. Watters (Jan 18)
  - RE: Auto ACL blocker George Bonser (Jan 18)