nanog mailing list archives
Re: Auto ACL blocker
From: Joe Blanchard <jbfixurpc () gmail com>
Date: Tue, 18 Jan 2011 14:19:24 -0600
On Tue, Jan 18, 2011 at 1:12 PM, Brian R. Watters <brwatters () absfoc com> wrote:
We are looking for the following solution: a honey pot that collects attacks against SSH/FTP and so on. Said attacks are then sent to a master ACL on an edge Cisco router to block all traffic from these offenders. Of course we would require a master whitelist as well, so as to not be blocked from our own networks. Any current solutions or ideas? -- BRW
A good start from the honeypot would be sshguard. I'm sure that it could be adapted to script out an ACL or such; as well, in my usage of it, it has timed values to release the block after X_amount_of_time. I'd be curious as to what other(s) you find for this.
-Joe Blanchard
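The pipeline discussed in this message (offender list, master whitelist, timed release, generated ACL), sketched as an added example that is not part of the original post and is not sshguard's code. The offender records, the ACL name HONEYPOT-BLOCK, the one-hour release time and the function names are assumptions; all addresses are constructed from documentation ranges.

```python
import ipaddress

# Constructed sample data, not taken from the thread.
WHITELIST = [ipaddress.ip_network("192.0.2.0/24")]  # our own networks
BLOCK_TTL = 3600                                     # assumed release time, seconds
OFFENDERS = [                # (source address, epoch seconds when the honeypot saw it)
    ("203.0.113.7", 1000),
    ("192.0.2.10", 1200),    # inside the whitelist, must never be blocked
    ("198.51.100.23", 4000),
    ("203.0.113.7", 4100),   # repeat offender, refreshes its timer
    ("not-an-ip", 4200),     # malformed record, must not reach the router
]


def active_blocks(offenders, whitelist, now, ttl=BLOCK_TTL):
    """Return the sorted IPv4 addresses that should be blocked at time `now`."""
    last_seen = {}
    for raw, seen_at in offenders:
        try:
            addr = ipaddress.ip_address(raw)
        except ValueError:
            continue                      # never emit unparsed text into an ACL
        if addr.version != 4:
            continue                      # this sketch renders an IPv4 ACL only
        if any(addr in net for net in whitelist):
            continue                      # whitelist wins over any honeypot hit
        last_seen[addr] = max(seen_at, last_seen.get(addr, seen_at))
    # Timed release: an entry drops out once `ttl` seconds pass without a new hit.
    return sorted(a for a, seen_at in last_seen.items() if now - seen_at < ttl)


def render_acl(blocked, name="HONEYPOT-BLOCK"):
    """Render the desired state as a Cisco IOS named extended ACL."""
    lines = [f"ip access-list extended {name}"]
    lines += [f" deny ip host {addr} any" for addr in blocked]
    lines.append(" permit ip any any")    # everything not listed still passes
    return "\n".join(lines)


if __name__ == "__main__":
    print(render_acl(active_blocks(OFFENDERS, WHITELIST, now=4500)))
```

How the rendered ACL is pushed to the router is left out; the whitelist check and address parsing happen before rendering so a bad honeypot record cannot lock out your own networks.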