Gentoo Archives: gentoo-security

From: Dave Strydom <strydom.dave@×××××.com>
To: gentoo-security@l.g.o
Subject: Re: [gentoo-security] [OT?] automatically firewalling off IPs
Date: Tue, 04 Oct 2005 14:56:53
Message-Id: fc38b710510040749m2422cee3pde0f921f942f1e67@mail.gmail.com
In Reply to: Re: [gentoo-security] [OT?] automatically firewalling off IPs by Kyle Lutze
Which brings me back to my original idea, of only allowing your IPs to
connect to SSH on your servers, and just drop everything else, problem
solved.



On 10/4/05, Kyle Lutze <kyle@×××××××××××.com> wrote:
> Dave Strydom wrote:
> > You know what would be seriously awesome, is if they have a type of RBL
> > listing for this kind of thing, and you could just link your iptables up
> > to the rbl listings.
> >
> > (for those of you who don't know how rbl's work)
> >
> > Example, I see this in my auth.log:
> > -------------------------------------------
> > Sep 28 03:20:42 cerberus sshd[20136]: Address 209.50.253.203 maps to srv.warofthering.net, but this does not map back to the address - POSSIBLE BREAKIN ATTEMPT!
> > Sep 28 03:20:43 cerberus sshd[20171]: Invalid user cchen from 209.50.253.203
> > Sep 28 03:20:43 cerberus sshd[20141]: Address 209.50.253.203 maps to srv.warofthering.net, but this does not map back to the address - POSSIBLE BREAKIN ATTEMPT!
> > Sep 28 03:20:43 cerberus sshd[20176]: Invalid user admin from 209.50.253.203
> > Sep 28 03:20:44 cerberus sshd[20181]: Invalid user admin from 209.50.253.203
> > Sep 28 03:20:44 cerberus sshd[20186]: Invalid user admin from 209.50.253.203
> > -------------------------------------------
> >
> > I could then submit the IP address to a RBL listing site, and then all
> > people who plugin to the rbl listing could update their firewalls with
> > the latest listing.
> >
> > Just an idea, I don't know how hard it would be to do?
> >
> > Dave
>
> That will never happen. The reason being stated plenty of times over, but
> I'll state them again:
>
> * Many of those addresses are from dynamic IPs
>
> * Some may be using fake IPs that you login from, it would suck to have
>   you banned from your own server
>
> * If anybody can submit to an RBL you would have the whole world added to
>   that RBL in no time because somebody will get the bright idea to do so.
>
> In short, bad idea.
>
> Kyle
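
The following is an added example, not code from any poster in this thread: it counts `Invalid user` lines per source address in auth.log text of the form quoted above, never blocks addresses inside an allowlist (the lockout risk Kyle raises), and builds iptables rules for either per-offender drops or the allowlist-only policy Dave proposes. The function names, the threshold and the sample log lines (RFC 5737 documentation addresses) are assumptions.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in the format of the auth.log excerpt quoted above.
# All addresses come from the RFC 5737 documentation ranges.
SAMPLE_LOG = """\
Sep 28 03:20:43 host sshd[20171]: Invalid user cchen from 203.0.113.7
Sep 28 03:20:43 host sshd[20176]: Invalid user admin from 203.0.113.7
Sep 28 03:20:44 host sshd[20181]: Invalid user admin from 203.0.113.7
Sep 28 03:21:02 host sshd[20190]: Invalid user test from 198.51.100.20
Sep 28 03:21:05 host sshd[20195]: Invalid user backup from 192.0.2.10
Sep 28 03:21:06 host sshd[20199]: Invalid user backup from 192.0.2.10
Sep 28 03:21:07 host sshd[20203]: Invalid user backup from 192.0.2.10
Sep 28 03:21:09 host sshd[20207]: Invalid user x from 999.1.1.1
"""

INVALID_USER = re.compile(r"sshd\[\d+\]: Invalid user \S+ from (\S+)(?: port \d+)?\s*$")

def offenders(log_text, allow, threshold=3):
    """Sorted source IPs with >= threshold invalid-user lines, allowlisted networks excluded."""
    nets = [ipaddress.ip_network(n) for n in allow]
    counts = Counter()
    for line in log_text.splitlines():
        m = INVALID_USER.search(line)
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # never pass an unvalidated log field on to a firewall command
        if any(ip in net for net in nets):
            continue  # your own addresses are never candidates for a block
        counts[ip] += 1
    return sorted(str(ip) for ip, n in counts.items() if n >= threshold)

def ssh_rules(allow, blocked, default_drop):
    """Allowlist ACCEPT rules first, then either one default DROP or per-offender DROPs."""
    rules = [f"iptables -A INPUT -p tcp --dport 22 -s {n} -j ACCEPT" for n in allow]
    if default_drop:  # allowlist-only policy: the offender list is not needed at all
        return rules + ["iptables -A INPUT -p tcp --dport 22 -j DROP"]
    return rules + [f"iptables -A INPUT -p tcp --dport 22 -s {ip} -j DROP" for ip in blocked]

if __name__ == "__main__":
    allow = ["192.0.2.0/24"]  # assumed admin network
    print("\n".join(ssh_rules(allow, offenders(SAMPLE_LOG, allow), default_drop=False)))
```

Because the ACCEPT rules for the allowlist are appended first, a later DROP for a spoofed or mistaken entry cannot lock the administrator out.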

Replies

Subject Author
Re: [gentoo-security] [OT?] automatically firewalling off IPs Neil Cherry <ncherry@×××××××.net>
Re: [gentoo-security] [OT?] automatically firewalling off IPs Kyle Lutze <kyle@×××××××××××.com>