nanog mailing list archives

RE: Auto ACL blocker

From: Thomas Magill <tmagill () providecommerce com>
Date: Tue, 18 Jan 2011 23:48:45 +0000

Also, have you considered just using the spamhaus DROP list?  They even have code to have the list pushed to IOS 
available.  You could simply substitute your file for their list if you only want to use IPs caught by your honeypot.

http://www.spamhaus.org/faq/answers.lasso?section=DROP%20FAQ

-----Original Message-----
From: Brian R. Watters [mailto:brwatters () absfoc com] 
Sent: Tuesday, January 18, 2011 11:12 AM
To: nanog () nanog org
Subject: Auto ACL blocker

We are looking for the following solution. 

Honey pot that collects attacks against SSH/FTP and so on 

Said attacks are then sent to a master ACL on a edge Cisco router to block all traffic from these offenders .. 

Of course we would require a master whitelist as well as to not be blocked from our own networks. 

Any current solutions or ideas ?? 

-- 

BRW

Current thread:

RE: Auto ACL blocker, (continued)
- RE: Auto ACL blocker Guerra, Ruben (Jan 18)
- Re: Auto ACL blocker Roland Dobbins (Jan 18)
- Re: Auto ACL blocker Greg Whynott (Jan 18)
- Re: Auto ACL blocker Larry Smith (Jan 18)
  - RE: Auto ACL blocker Mark Scholten (Jan 18)
- RE: Auto ACL blocker Thomas Magill (Jan 18)
- RE: Auto ACL blocker Ronald Bonica (Jan 18)
  - Re: Auto ACL blocker Brian R. Watters (Jan 18)
- Re: Auto ACL blocker Joe Blanchard (Jan 18)
  - Re: Auto ACL blocker Brian R. Watters (Jan 18)
- RE: Auto ACL blocker Thomas Magill (Jan 18)
  - Re: Auto ACL blocker ML (Jan 18)
    - RE: Auto ACL blocker Thomas Magill (Jan 18)
    - RE: Auto ACL blocker Thomas Magill (Jan 18)
- Re: Auto ACL blocker Brian R. Watters (Jan 18)
  - RE: Auto ACL blocker George Bonser (Jan 18)