Auto ACL blocker

Brian R. Watters brwatters at absfoc.com
Tue Jan 18 20:30:37 UTC 2011


We have used this solution for some time and find it works pretty well .. 

http://www.rfxn.com/projects/ 

However need to find a way to pass this info off to a router, this project used to hold promise however its dead now .. 

www.ipblocker.org 



----- Original Message -----
From: "Joe Blanchard" <jbfixurpc at gmail.com> 
To: "Brian R. Watters" <brwatters at absfoc.com> 
Cc: nanog at nanog.org 
Sent: Tuesday, January 18, 2011 12:19:24 PM 
Subject: Re: Auto ACL blocker 



On Tue, Jan 18, 2011 at 1:12 PM, Brian R. Watters < brwatters at absfoc.com > wrote: 


We are looking for the following solution. 

Honey pot that collects attacks against SSH/FTP and so on 

Said attacks are then sent to a master ACL on a edge Cisco router to block all traffic from these offenders .. 

Of course we would require a master whitelist as well as to not be blocked from our own networks. 

Any current solutions or ideas ?? 

-- 

BRW 

A good start from the honeypot would be sshguard. I'm sure that it could be adapted to 
script out an ACL or such, as well in my usage of it it has timed values to release the 
block after X_amount_of_time . 

I'd be curious as to what other(s) you find for this. 

-Joe Blanchard 


-- 

Brian R. Watters 
Director 
American Broadband Family of Companies 
5718 East Shields Ave 
Fresno, CA. 93727 
brwatters at absfoc.com 
http://www.americanbroadbandservice.com 
tel: 559-420-0205 
fax:559-272-5266 
toll free: 866-827-4638 

ABS offers T-1's starting at $289 in over 450 cities. Is your city on the list? Click here to find out. 

This message and any attachment(s) are solely for the use of intended recipients. They may contain privileged and/or confidential information legally protected from disclosure. If you are not the intended recipient, you are hereby notified that you received this e-mail in error and that any review, dissemination, distribution or copying of this e-mail and any attachment(s) is strictly prohibited. If you have received this e-mail in error, please contact the sender and delete the message and any attachment(s) from your system. Thank you for your cooperation. 



More information about the NANOG mailing list