Auto ACL blocker
Ruben.Guerra at arrisi.com
Tue Jan 18 13:28:20 CST 2011
Dionaea (nephentes successor) and Kippo (ssh honeypot) are a good start for the honeypot side.
Watching the tty logs in kippo is great entertainment. Perfect way to collect the skiddies tools.
As far as the automation of ACLs if you find a script out in the wild please share. I do know of the following SNORT to Cisco PIX perl script. Hope this helps.
From: Brian R. Watters [mailto:brwatters at absfoc.com]
Sent: Tuesday, January 18, 2011 1:12 PM
To: nanog at nanog.org
Subject: Auto ACL blocker
We are looking for the following solution.
Honey pot that collects attacks against SSH/FTP and so on
Said attacks are then sent to a master ACL on a edge Cisco router to block all traffic from these offenders ..
Of course we would require a master whitelist as well as to not be blocked from our own networks.
Any current solutions or ideas ??
More information about the NANOG