List Archive: gentoo-security
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=UTF-8" http-equiv="Content-Type">
<title></title>
</head>
<body bgcolor="#ffffff" text="#000000">
Dave Strydom wrote:
<blockquote
cite="midfc38b710510040155rcf44495g935f64dbd99c3557@..."
type="cite">You know what would be seriously awesome, is if they have
a type of RBL
listing for this kind of thing, and you could just link your iptables
up to the rbl listings.<br>
<br>
(for those of you who don't know how RBLs work)<br>
<br>
Example, I see this in my auth.log:<br>
-------------------------------------------<br>
Sep 28 03:20:42 cerberus sshd[20136]: Address 209.50.253.203 maps to srv.warofthering.net, but this does not map back to the address - POSSIBLE BREAKIN ATTEMPT!<br>
Sep 28 03:20:43 cerberus sshd[20171]: Invalid user cchen from 209.50.253.203<br>
Sep 28 03:20:43 cerberus sshd[20141]: Address 209.50.253.203 maps to srv.warofthering.net, but this does not map back to the address - POSSIBLE BREAKIN ATTEMPT!<br>
Sep 28 03:20:43 cerberus sshd[20176]: Invalid user admin from 209.50.253.203<br>
Sep 28 03:20:44 cerberus sshd[20181]: Invalid user admin from 209.50.253.203<br>
Sep 28 03:20:44 cerberus sshd[20186]: Invalid user admin from 209.50.253.203<br>
-------------------------------------------<br>
<br>
I could then submit the IP address to an RBL listing site, and then all
people who plug in to the RBL listing could update their firewalls with
the latest listing.<br>
<br>
Just an idea, I don't know how hard it would be to do?<br>
<br>
Dave<br>
</blockquote>
That will never happen. The reasons have been stated plenty of times over,
but I'll state them again: <br>
<br>
* Many of those addresses are from dynamic IPs<br>
<br>
* Some may be using fake IPs that you log in from, it would suck to have
you banned from your own server<br>
<br>
* If anybody can submit to an RBL you would have the whole world added
to that RBL in no time because somebody will get the bright idea to do
so.<br>
<br>
In short, bad idea.<br>
<br>
Kyle<br>
</body>
</html>
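A local alternative to the shared list discussed in this thread, as an added example that is not part of either post: count sshd "Invalid user" lines per source, skip an allowlist of your own addresses (the lock-out concern raised in the reply), and render iptables rules without executing them. The threshold, the allowlist and the function names are assumptions; every sample line after the first four is constructed.

```python
import re
from collections import Counter
from ipaddress import ip_address, ip_network

# First four lines: from the auth.log excerpt quoted in the thread.
# Remaining lines: constructed for this example (documentation address ranges).
SAMPLE_LOG = """\
Sep 28 03:20:43 cerberus sshd[20171]: Invalid user cchen from 209.50.253.203
Sep 28 03:20:43 cerberus sshd[20176]: Invalid user admin from 209.50.253.203
Sep 28 03:20:44 cerberus sshd[20181]: Invalid user admin from 209.50.253.203
Sep 28 03:20:44 cerberus sshd[20186]: Invalid user admin from 209.50.253.203
Sep 28 03:21:10 cerberus sshd[20190]: Invalid user test from 192.0.2.10
Sep 28 03:22:01 cerberus sshd[20201]: Invalid user dave from 198.51.100.7
Sep 28 03:22:02 cerberus sshd[20202]: Invalid user dave from 198.51.100.7
Sep 28 03:22:03 cerberus sshd[20203]: Invalid user dave from 198.51.100.7
Sep 28 03:22:09 cerberus sshd[20209]: Invalid user x from 198.51.100.7 from 203.0.113.9
"""

# Anchored to end of line: the username is chosen by the remote side, so a name
# such as "x from 198.51.100.7" must not decide which address gets counted.
INVALID_USER = re.compile(
    r"sshd\[\d+\]: Invalid user .* from (\S+)(?: port \d+)?$", re.M)


def count_invalid_users(log_text):
    """Count 'Invalid user' events per source address."""
    counts = Counter()
    for raw in INVALID_USER.findall(log_text):
        try:
            counts[str(ip_address(raw))] += 1
        except ValueError:
            continue  # not a literal address; ignore rather than guess
    return counts


def block_candidates(log_text, threshold=3, allowlist=()):
    """Addresses at or over the threshold that are not on the local allowlist."""
    trusted = [ip_network(n) for n in allowlist]
    return sorted(
        ip for ip, n in count_invalid_users(log_text).items()
        if n >= threshold and not any(ip_address(ip) in net for net in trusted)
    )


def iptables_rules(ips):
    """Render (not execute) one DROP rule per address for the SSH port."""
    return [f"iptables -A INPUT -s {ip} -p tcp --dport 22 -j DROP" for ip in ips]
```

With the allowlist set to `["198.51.100.0/24"]`, the constructed 198.51.100.7 source reaches the threshold but is never proposed for blocking, and the last sample line is counted against 203.0.113.9, the address sshd actually logged, not the one embedded in the username.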