Auto ACL blocker
Guerra, Ruben
Ruben.Guerra at arrisi.com
Tue Jan 18 19:28:20 UTC 2011
Dionaea (Nepenthes successor) and Kippo (ssh honeypot) are a good start for the honeypot side.
http://carnivore.it/
http://dionaea.carnivore.it/
http://code.google.com/p/kippo/
Watching the tty logs in kippo is great entertainment. Perfect way to collect the skiddies' tools.
As far as the automation of ACLs, if you find a script out in the wild, please share. I do know of the following Snort to Cisco PIX Perl script. Hope this helps.
http://www.chaotic.org/guardian/
http://www.chaotic.org/guardian/scripts/pix-block.pl
Regards,
Ruben Guerra
-----Original Message-----
From: Brian R. Watters [mailto:brwatters at absfoc.com]
Sent: Tuesday, January 18, 2011 1:12 PM
To: nanog at nanog.org
Subject: Auto ACL blocker
We are looking for the following solution.
Honey pot that collects attacks against SSH/FTP and so on
Said attacks are then sent to a master ACL on an edge Cisco router to block all traffic from these offenders.
Of course we would require a master whitelist as well, so as not to be blocked from our own networks.
Any current solutions or ideas?
--
BRW
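
The workflow asked about in this thread (honeypot hits in, whitelist applied, edge-router ACL text out), as an added example that is not part of either message and is not the Guardian or pix-block.pl code. The log format, the hit threshold, the whitelist range and the ACL name HONEYPOT-BLOCK are assumptions, and the sample log lines are constructed.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines in a hypothetical honeypot log format (not Kippo's or Dionaea's own).
SAMPLE_LOG = """\
2011-01-18T19:01:02Z service=ssh src=203.0.113.7 event=login_failed
2011-01-18T19:01:05Z service=ssh src=203.0.113.7 event=login_failed
2011-01-18T19:01:09Z service=ftp src=203.0.113.7 event=login_failed
2011-01-18T19:02:00Z service=ssh src=198.51.100.20 event=login_failed
2011-01-18T19:02:30Z service=ssh src=192.0.2.10 event=login_failed
2011-01-18T19:02:31Z service=ssh src=192.0.2.10 event=login_failed
2011-01-18T19:02:32Z service=ssh src=192.0.2.10 event=login_failed
2011-01-18T19:03:00Z service=ssh src=999.1.1.1 event=login_failed
"""

WHITELIST = [ipaddress.ip_network("192.0.2.0/24")]  # assumed "own networks"
SRC_RE = re.compile(r"\bsrc=(\S+)")


def offenders(log_text, whitelist, threshold=3):
    """Return sorted IPv4 sources seen >= threshold times and not whitelisted."""
    hits = Counter()
    for line in log_text.splitlines():
        m = SRC_RE.search(line)
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # malformed address: never let it reach the ACL
        if ip.version != 4 or any(ip in net for net in whitelist):
            continue  # whitelist is checked before counting, so own hosts never appear
        hits[ip] += 1
    return sorted(ip for ip, n in hits.items() if n >= threshold)


def render_acl(ips, name="HONEYPOT-BLOCK"):
    """Render a Cisco IOS named extended ACL; the ACL name is hypothetical."""
    lines = [f"ip access-list extended {name}"]
    lines += [f" deny ip host {ip} any" for ip in ips]
    lines.append(" permit ip any any")  # without this the implicit deny drops everything
    return "\n".join(lines)


if __name__ == "__main__":
    print(render_acl(offenders(SAMPLE_LOG, WHITELIST)))
```

The output is IOS configuration text only; pushing it to the router and ageing out old entries are left out.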