Auto ACL blocker
jbfixurpc at gmail.com
Tue Jan 18 14:19:24 CST 2011
On Tue, Jan 18, 2011 at 1:12 PM, Brian R. Watters <brwatters at absfoc.com>wrote:
> We are looking for the following solution.
> Honey pot that collects attacks against SSH/FTP and so on
> Said attacks are then sent to a master ACL on a edge Cisco router to block
> all traffic from these offenders ..
> Of course we would require a master whitelist as well as to not be blocked
> from our own networks.
> Any current solutions or ideas ??
A good start from the honeypot would be sshguard. I'm sure that it could be
script out an ACL or such, as well in my usage of it it has timed values to
block after X_amount_of_time .
I'd be curious as to what other(s) you find for this.
More information about the NANOG