Gentoo Archives: gentoo-security

From: Dave Strydom <strydom.dave@×××××.com>
To: gentoo-security@l.g.o
Subject: Re: [gentoo-security] [OT?] automatically firewalling off IPs
Date: Tue, 04 Oct 2005 09:03:26
Message-Id: fc38b710510040155rcf44495g935f64dbd99c3557@mail.gmail.com
In Reply to: Re: [gentoo-security] [OT?] automatically firewalling off IPs by Joerg Mertin
You know what would be seriously awesome, is if they have a type of RBL
listing for this kind of thing, and you could just link your iptables up to
the RBL listings.

(for those of you who don't know how RBLs work)

Example, I see this in my auth.log:
-------------------------------------------
Sep 28 03:20:42 cerberus sshd[20136]: Address 209.50.253.203 maps to srv.warofthering.net, but this does not map back to the address - POSSIBLE BREAKIN ATTEMPT!
Sep 28 03:20:43 cerberus sshd[20171]: Invalid user cchen from 209.50.253.203
Sep 28 03:20:43 cerberus sshd[20141]: Address 209.50.253.203 maps to srv.warofthering.net, but this does not map back to the address - POSSIBLE BREAKIN ATTEMPT!
Sep 28 03:20:43 cerberus sshd[20176]: Invalid user admin from 209.50.253.203
Sep 28 03:20:44 cerberus sshd[20181]: Invalid user admin from 209.50.253.203
Sep 28 03:20:44 cerberus sshd[20186]: Invalid user admin from 209.50.253.203
-------------------------------------------

I could then submit the IP address to an RBL listing site, and then all
people who plug in to the RBL listing could update their firewalls with the
latest listing.

Just an idea, I don't know how hard it would be to do?

Dave
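
The two halves of the idea above, as an added example that is not part of the original post: collecting repeat "Invalid user" sources from sshd log lines, and forming the DNS name a subscriber would query under the usual DNSBL convention (reversed IPv4 octets plus the list's zone). The zone `dnsbl.example.org`, the threshold of 3 and all function names are assumptions, and the log sample is constructed.

```python
import ipaddress
import re
import socket
from collections import Counter

# Constructed sample in the format of the sshd lines quoted in the post
# (documentation-range addresses, not real traffic).
SAMPLE_LOG = """\
Sep 28 03:20:42 host sshd[20136]: Address 192.0.2.15 maps to srv.example.net, but this does not map back to the address - POSSIBLE BREAKIN ATTEMPT!
Sep 28 03:20:43 host sshd[20171]: Invalid user cchen from 192.0.2.15
Sep 28 03:20:43 host sshd[20176]: Invalid user admin from 192.0.2.15
Sep 28 03:20:44 host sshd[20181]: Invalid user admin from 192.0.2.15
Sep 28 03:21:10 host sshd[20190]: Invalid user test from 198.51.100.7
Sep 28 03:21:12 host sshd[20195]: Invalid user from 999.1.1.1 from 198.51.100.7
"""

# The user name is chosen by the remote side and may itself contain
# " from <ip>", so match the LAST " from " on the line (greedy .* plus $).
INVALID_USER = re.compile(
    r"sshd\[\d+\]: Invalid user (?P<user>.*) from (?P<ip>\S+)(?: port \d+)?$")

def offenders(log_text, threshold=3):
    """Return {ip: attempts} for sources with >= threshold invalid-user lines."""
    counts = Counter()
    for line in log_text.splitlines():
        m = INVALID_USER.search(line)
        try:
            if m:
                counts[str(ipaddress.ip_address(m.group("ip")))] += 1
        except ValueError:  # source field is not a valid address: skip it
            continue
    return {ip: n for ip, n in counts.items() if n >= threshold}

def dnsbl_name(ip, zone="dnsbl.example.org"):
    """DNSBL query name for an IPv4 address: reversed octets + zone (hypothetical zone)."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def is_listed(ip, zone="dnsbl.example.org", resolve=socket.gethostbyname):
    """True if the list answers with an A record; a failed lookup counts as not listed."""
    try:
        resolve(dnsbl_name(ip, zone))
        return True
    except socket.gaierror:  # NXDOMAIN or resolver failure
        return False

if __name__ == "__main__":
    for ip, n in offenders(SAMPLE_LOG).items():
        print(f"{ip}: {n} invalid-user attempts, lookup name {dnsbl_name(ip)}")
```

Because `is_listed` treats any resolver failure as "not listed", a firewall fed from it fails open when the list is unreachable.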

================

Replies

Subject Author
Re: [gentoo-security] [OT?] automatically firewalling off IPs Kyle Lutze <kyle@×××××××××××.com>
Re: [gentoo-security] [OT?] automatically firewalling off IPs Robert Larson <robert@×××××××××.com>