List Archive: gentoo-security
Headers:
To: gentoo-security@g.o
From: Kyle Lutze <kyle@...>
Subject: Re: [OT?] automatically firewalling off IPs
Date: Tue, 04 Oct 2005 07:45:30 -0700
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
  <meta content="text/html;charset=UTF-8" http-equiv="Content-Type">
  <title></title>
</head>
<body bgcolor="#ffffff" text="#000000">
Dave Strydom wrote:
<blockquote
 cite="midfc38b710510040155rcf44495g935f64dbd99c3557@..."
 type="cite">You know what would be seriously awesome, is if they have
a type of RBL
listing for this kind of thing, and you could just link your iptables
up to the RBL listings.<br>
  <br>
(for those of you who don't know how RBLs work)<br>
  <br>
Example, I see this in my auth.log:<br>
-------------------------------------------<br>
Sep 28 03:20:42 cerberus sshd[20136]: Address <a
 href="http://209.50.253.203">209.50.253.203</a> maps to
  <a href="http://srv.warofthering.net">srv.warofthering.net</a>, but
this does not map back to the address -
POSSIBLE BREAKIN ATTEMPT!<br>
Sep 28 03:20:43 cerberus sshd[20171]: Invalid user cchen from <a
 href="http://209.50.253.203">209.50.253.203</a><br>
Sep 28 03:20:43 cerberus sshd[20141]: Address <a
 href="http://209.50.253.203">209.50.253.203</a> maps to
  <a href="http://srv.warofthering.net">srv.warofthering.net</a>, but
this does not map back to the address -
POSSIBLE BREAKIN ATTEMPT!<br>
Sep 28 03:20:43 cerberus sshd[20176]: Invalid user admin from <a
 href="http://209.50.253.203">209.50.253.203</a><br>
Sep 28 03:20:44 cerberus sshd[20181]: Invalid user admin from <a
 href="http://209.50.253.203">209.50.253.203</a><br>
Sep 28 03:20:44 cerberus sshd[20186]: Invalid user admin from <a
 href="http://209.50.253.203">209.50.253.203</a><br>
-------------------------------------------<br>
  <br>
I could then submit the IP address to an RBL listing site, and then all
people who plug in to the RBL listing could update their firewalls with
the latest listing.<br>
  <br>
Just an idea, I don't know how hard it would be to do?<br>
  <br>
Dave<br>
</blockquote>
That will never happen. The reasons have been stated plenty of times over,
but I'll state them again: <br>
<br>
* Many of those addresses are from dynamic IPs<br>
<br>
* Some may be using fake IPs that you log in from, it would suck to have
you banned from your own server<br>
<br>
* If anybody can submit to an RBL you would have the whole world added
to that RBL in no time because somebody will get the bright idea to do
so.<br>
<br>
In short, bad idea.<br>
<br>
Kyle<br>
</body>
</html>
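An added example, not part of the original post or of any Gentoo tool: a local-only ban planner over log lines in the format quoted in the thread, built around two of the objections raised in the reply (allowlisted addresses are never banned, and every ban expires because addresses get reassigned). The function name `plan_bans`, the thresholds, the caller-supplied year and the documentation-range addresses are assumptions made for this example.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Lines in the shape of the auth.log excerpt quoted in the thread; the
# 192.0.2.x and 198.51.100.x entries are constructed for this example.
SAMPLE_LOG = """\
Sep 28 03:20:43 cerberus sshd[20171]: Invalid user cchen from 209.50.253.203
Sep 28 03:20:43 cerberus sshd[20176]: Invalid user admin from 209.50.253.203
Sep 28 03:20:44 cerberus sshd[20181]: Invalid user admin from 209.50.253.203
Sep 28 03:20:44 cerberus sshd[20186]: Invalid user admin from 209.50.253.203
Sep 28 03:21:10 cerberus sshd[20190]: Invalid user bob from 192.0.2.10
Sep 28 03:21:11 cerberus sshd[20191]: Invalid user bob from 192.0.2.10
Sep 28 03:21:12 cerberus sshd[20192]: Invalid user bob from 192.0.2.10
Sep 28 03:25:00 cerberus sshd[20200]: Invalid user test from 198.51.100.7
"""

# The user name is chosen by the remote side, so only the LAST token on the
# line is treated as the source address (greedy .* plus the $ anchor).
INVALID_USER = re.compile(
    r"^(\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: Invalid user .* from (\S+)$"
)

def plan_bans(log_text, year, allowlist, threshold=3,
              window=timedelta(minutes=10), ban_for=timedelta(hours=1)):
    """Return {ip: ban_expiry} for sources with >= threshold failures in window."""
    nets = [ipaddress.ip_network(n) for n in allowlist]
    seen = defaultdict(list)  # ip -> timestamps of failures inside the window
    bans = {}
    for line in log_text.splitlines():
        m = INVALID_USER.match(line)
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group(2))
        except ValueError:
            continue  # not an IP literal: never pass unparsed text to a firewall
        if any(ip in n for n in nets):
            continue  # own/admin addresses are never banned
        # syslog timestamps carry no year, so the caller supplies it
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        recent = [t for t in seen[ip] if ts - t <= window] + [ts]
        seen[ip] = recent
        if len(recent) >= threshold:
            bans[str(ip)] = ts + ban_for  # bans expire; dynamic IPs move on
    return bans
```

The returned expiry times are meant to drive whatever removes the rule again; the block deliberately stops before touching iptables.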
Updated Oct 31, 2011

Summary: Archive of the gentoo-security mailing list.
