Auto ACL blocker

Guerra, Ruben Ruben.Guerra at arrisi.com
Tue Jan 18 13:28:20 CST 2011


Dionaea (nephentes successor) and Kippo (ssh honeypot) are a good start for the honeypot side.


http://carnivore.it/

http://dionaea.carnivore.it/

http://code.google.com/p/kippo/


Watching the tty logs in kippo is great entertainment. Perfect way to collect the skiddies tools.


As far as the automation of ACLs if you find a script out in the wild please share. I do know of the following SNORT to Cisco PIX perl script. Hope this helps.

http://www.chaotic.org/guardian/
http://www.chaotic.org/guardian/scripts/pix-block.pl



Regards,
Ruben Guerra

-----Original Message-----
From: Brian R. Watters [mailto:brwatters at absfoc.com] 
Sent: Tuesday, January 18, 2011 1:12 PM
To: nanog at nanog.org
Subject: Auto ACL blocker

We are looking for the following solution. 

Honey pot that collects attacks against SSH/FTP and so on 

Said attacks are then sent to a master ACL on a edge Cisco router to block all traffic from these offenders .. 

Of course we would require a master whitelist as well as to not be blocked from our own networks. 

Any current solutions or ideas ?? 

-- 

BRW 


More information about the NANOG mailing list