Auto ACL blocker

Joe Blanchard jbfixurpc at gmail.com
Tue Jan 18 14:19:24 CST 2011


On Tue, Jan 18, 2011 at 1:12 PM, Brian R. Watters <brwatters at absfoc.com>wrote:

> We are looking for the following solution.
>
> Honey pot that collects attacks against SSH/FTP and so on
>
> Said attacks are then sent to a master ACL on a edge Cisco router to block
> all traffic from these offenders ..
>
> Of course we would require a master whitelist as well as to not be blocked
> from our own networks.
>
> Any current solutions or ideas ??
>
> --
>
> BRW
>

A good start from the honeypot would be sshguard. I'm sure that it could be
adapted to
script out an ACL or such, as well in my usage of it it has timed values to
release the
block after X_amount_of_time .

I'd be curious as to what other(s) you find for this.

-Joe Blanchard



More information about the NANOG mailing list