List Archive: gentoo-security
Headers:
To: gentoo-security@g.o
From: Dave Strydom <strydom.dave@...>
Subject: Re: [OT?] automatically firewalling off IPs
Date: Tue, 4 Oct 2005 16:49:24 +0200

Which brings me back to my original idea, of only allowing your IPs to
connect to SSH on your servers, and just drop everything else, problem
solved.

On 10/4/05, Kyle Lutze <kyle@...> wrote:
> Dave Strydom wrote:
> > You know what would be seriously awesome, is if they have a type of RBL
> > listing for this kind of thing, and you could just link your iptables
> > up to the rbl listings.
> >
> > (for those of you who don't know how rbl's work)
> >
> > Example, I see this in my auth.log:
> > -------------------------------------------
> > Sep 28 03:20:42 cerberus sshd[20136]: Address 209.50.253.203 maps to srv.warofthering.net, but this does not map back to the address - POSSIBLE BREAKIN ATTEMPT!
> > Sep 28 03:20:43 cerberus sshd[20171]: Invalid user cchen from 209.50.253.203
> > Sep 28 03:20:43 cerberus sshd[20141]: Address 209.50.253.203 maps to srv.warofthering.net, but this does not map back to the address - POSSIBLE BREAKIN ATTEMPT!
> > Sep 28 03:20:43 cerberus sshd[20176]: Invalid user admin from 209.50.253.203
> > Sep 28 03:20:44 cerberus sshd[20181]: Invalid user admin from 209.50.253.203
> > Sep 28 03:20:44 cerberus sshd[20186]: Invalid user admin from 209.50.253.203
> > -------------------------------------------
> >
> > I could then submit the IP address to a RBL listing site, and then all
> > people who plug in to the rbl listing could update their firewalls with
> > the latest listing.
> >
> > Just an idea, I don't know how hard it would be to do?
> >
> > Dave
>
> That will never happen. The reason being stated plenty of times over,
> but I'll state them again:
>
> * Many of those addresses are from dynamic IPs
>
> * Some may be using fake IPs that you login from, it would suck to have
> you banned from your own server
>
> * If anybody can submit to an RBL you would have the whole world added
> to that RBL in no time because somebody will get the bright idea to do
> so.
>
> In short, bad idea.
>
> Kyle
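
Added example (not part of the original thread or any poster's code): a Python sketch of the log-driven blocking discussed above, counting sshd "Invalid user" lines per source and skipping an allowlist of your own networks so that you cannot ban yourself. The sample log, the allowlisted network, the threshold and the function names are assumptions constructed for illustration; the iptables rules are only returned as strings, never executed.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in the sshd format quoted in the thread
# (documentation-range addresses, not real hosts).
SAMPLE_LOG = """\
Sep 28 03:20:43 cerberus sshd[20171]: Invalid user cchen from 203.0.113.7
Sep 28 03:20:43 cerberus sshd[20176]: Invalid user admin from 203.0.113.7
Sep 28 03:20:44 cerberus sshd[20181]: Invalid user admin from 203.0.113.7
Sep 28 03:20:44 cerberus sshd[20186]: Invalid user admin from 203.0.113.7
Sep 28 03:21:02 cerberus sshd[20190]: Invalid user test from 198.51.100.23
Sep 28 03:22:10 cerberus sshd[20201]: Invalid user bob from 192.0.2.10
Sep 28 03:22:11 cerberus sshd[20202]: Invalid user bob from 192.0.2.10
Sep 28 03:22:12 cerberus sshd[20203]: Invalid user bob from 192.0.2.10
"""

# The username is client-supplied text, so take only the last
# "from <addr>" on the line as the source address.
LINE_RE = re.compile(r"sshd\[\d+\]: Invalid user .* from (\S+)$")

def block_candidates(log_text, allowlist, threshold=3):
    """Return sorted source IPs with >= threshold invalid-user attempts,
    never including an address inside an allowlisted network."""
    nets = [ipaddress.ip_network(n) for n in allowlist]
    hits = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.search(line.strip())
        if not m:
            continue
        try:
            addr = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # skip anything that is not a literal address
        if any(addr in net for net in nets):
            continue  # your own networks are never candidates
        hits[addr] += 1
    return sorted(str(a) for a, n in hits.items() if n >= threshold)

def drop_rules(ips):
    """Render (not run) one iptables rule per IP, limited to SSH."""
    return [f"iptables -I INPUT -s {ip} -p tcp --dport 22 -j DROP" for ip in ips]

if __name__ == "__main__":
    # 192.0.2.0/24 stands in for the administrator's own network.
    for rule in drop_rules(block_candidates(SAMPLE_LOG, ["192.0.2.0/24"])):
        print(rule)
```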