Gentoo Archives: gentoo-security

From: Dave Strydom <strydom.dave@×××××.com>
To: gentoo-security@l.g.o
Subject: Re: [gentoo-security] [OT?] automatically firewalling off IPs
Date: Tue, 04 Oct 2005 14:56:53
Message-Id: fc38b710510040749m2422cee3pde0f921f942f1e67@mail.gmail.com
In Reply to: Re: [gentoo-security] [OT?] automatically firewalling off IPs by Kyle Lutze
Which brings me back to my original idea, of only allowing your IP's to
connect to SSH on your servers, and just drop everything else, problem
solved.

On 10/4/05, Kyle Lutze <kyle@×××××××××××.com> wrote:
>
> Dave Strydom wrote:
>
> You know what would be seriously awesome, is if they have a type of RBL
> listing for this kind of thing, and you could just link your iptables up to
> the rbl listings.
>
> (for those of you who don't know how rbl's work)
>
> Example, I see this in my auth.log:
> -------------------------------------------
> Sep 28 03:20:42 cerberus sshd[20136]: Address 209.50.253.203 maps to srv.warofthering.net, but this does not map back to the address - POSSIBLE BREAKIN ATTEMPT!
> Sep 28 03:20:43 cerberus sshd[20171]: Invalid user cchen from 209.50.253.203
> Sep 28 03:20:43 cerberus sshd[20141]: Address 209.50.253.203 maps to srv.warofthering.net, but this does not map back to the address - POSSIBLE BREAKIN ATTEMPT!
> Sep 28 03:20:43 cerberus sshd[20176]: Invalid user admin from 209.50.253.203
> Sep 28 03:20:44 cerberus sshd[20181]: Invalid user admin from 209.50.253.203
> Sep 28 03:20:44 cerberus sshd[20186]: Invalid user admin from 209.50.253.203
> -------------------------------------------
>
> I could then submit the IP address to a RBL listing site, and then all
> people who plug in to the rbl listing could update their firewalls with the
> latest listing.
>
> Just an idea, I don't know how hard it would be to do?
>
> Dave
>
> That will never happen. The reason being stated plenty of times over, but
> I'll state them again:
>
> * Many of those addresses are from dynamic IPs
>
> * Some may be using fake IPs that you login from, it would suck to have
> you banned from your own server
>
> * if anybody can submit to an RBL you would have the whole world added to
> that RBL in no time because somebody will get the bright idea to do so.
>
> In short, bad idea.
>
> Kyle
>
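
The allowlist approach from the top of this message (accept SSH only from your own addresses, drop everything else), as an added example that is not part of the original post: a shell function that prints the iptables commands for review instead of applying them. The chain name SSH_ALLOW and the RFC 5737 documentation addresses are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not from the original thread. Prints the rules for review
# rather than applying them. Chain name and addresses are assumptions; the
# addresses are RFC 5737 documentation ranges.

ssh_allowlist_rules() {
    # Usage: ssh_allowlist_rules CHAIN SOURCE [SOURCE...]
    # Refuse an empty allowlist: the ruleset would drop every SSH connection,
    # including the administrator's own.
    if [ "$#" -lt 2 ]; then
        echo "usage: ssh_allowlist_rules CHAIN SOURCE [SOURCE...]" >&2
        return 1
    fi
    chain=$1
    shift

    # Sanity check before printing anything: only digits, dots and a slash
    # (IPv4 address or CIDR block). Hostnames and shell metacharacters are
    # rejected; iptables validates the address itself when a rule is applied.
    for src in "$@"; do
        case $src in
            ''|*[!0-9./]*) echo "invalid source: $src" >&2; return 1 ;;
        esac
    done

    echo "iptables -N $chain"
    # Keep sessions that are already open while the rules are loaded.
    echo "iptables -A $chain -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    for src in "$@"; do
        echo "iptables -A $chain -s $src -j ACCEPT"
    done
    # Everything not accepted above is dropped silently.
    echo "iptables -A $chain -j DROP"
    # Attach the chain last so port 22 is only filtered once it is complete.
    # Assumes INPUT has no earlier rule that already accepts port 22.
    echo "iptables -A INPUT -p tcp --dport 22 -j $chain"
}

# Constructed sample call: one admin host and one office network.
ssh_allowlist_rules SSH_ALLOW 192.0.2.10 198.51.100.0/24
```

Because the ACCEPT rules precede the final DROP, the listed sources can never be locked out by this chain, which is the failure mode raised in the quoted reply.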
