Auto ACL blocker

Guerra, Ruben Ruben.Guerra at
Tue Jan 18 13:28:20 CST 2011

Dionaea (Nepenthes successor) and Kippo (SSH honeypot) are a good start for the honeypot side.

Watching the tty logs in Kippo is great entertainment. Perfect way to collect the skiddies' tools.

As far as the automation of ACLs, if you find a script out in the wild, please share. I do know of the following SNORT to Cisco PIX Perl script. Hope this helps.

Ruben Guerra

-----Original Message-----
From: Brian R. Watters [mailto:brwatters at] 
Sent: Tuesday, January 18, 2011 1:12 PM
To: nanog at
Subject: Auto ACL blocker

We are looking for the following solution. 

Honey pot that collects attacks against SSH/FTP and so on 

Said attacks are then sent to a master ACL on an edge Cisco router to block all traffic from these offenders.

Of course, we would require a master whitelist as well, so as not to be blocked from our own networks.

Any current solutions or ideas ?? 
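
One way to implement the flow asked about in this thread (honeypot sources, filtered through a master whitelist, rendered as a Cisco ACL), added here as an example and not code from either poster or from the Snort-to-PIX script mentioned. The log line format, the three-hit threshold, the ACL name `HONEYPOT-BLOCK` and all addresses are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines in an assumed "<time> <service> failed login from <ip>" format.
SAMPLE_LOG = """\
2011-01-18T13:01:02 ssh failed login from 203.0.113.7
2011-01-18T13:01:05 ssh failed login from 203.0.113.7
2011-01-18T13:01:09 ftp failed login from 203.0.113.7
2011-01-18T13:02:11 ssh failed login from 198.51.100.23
2011-01-18T13:02:40 ssh failed login from 192.0.2.10
2011-01-18T13:02:41 ssh failed login from 192.0.2.10
2011-01-18T13:02:42 ssh failed login from 192.0.2.10
2011-01-18T13:03:00 ssh failed login from not-an-ip
"""

# Constructed master whitelist: our own networks must never reach the ACL.
WHITELIST = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "10.0.0.0/8")]
LINE_RE = re.compile(r"failed login from (\S+)$")


def offenders(log_text, whitelist, threshold=3):
    """Return sorted IPv4 sources seen >= threshold times and not whitelisted."""
    hits = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.search(line.strip())
        if not m:
            continue
        try:
            addr = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # malformed source field: never turn junk into an ACL entry
        if addr.version != 4:
            continue  # the ACL rendered below is IPv4-only
        if any(addr in net for net in whitelist):
            continue  # whitelist wins before any counting happens
        hits[addr] += 1
    return sorted(a for a, n in hits.items() if n >= threshold)


def render_acl(addrs, name="HONEYPOT-BLOCK"):
    """Render an IOS named extended ACL; the final permit keeps other traffic flowing."""
    lines = [f"ip access-list extended {name}"]
    lines += [f" deny ip host {a} any" for a in addrs]
    lines.append(" permit ip any any")
    return "\n".join(lines)


if __name__ == "__main__":
    print(render_acl(offenders(SAMPLE_LOG, WHITELIST)))
```

The threshold keeps a single stray connection from producing a block entry, and the whitelist check runs before counting so an internal scanner or admin host hitting the honeypot is never listed.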


