List Archive: gentoo-security
You know what would be seriously awesome, is if they have a type of RBL
listing for this kind of thing, and you could just link your iptables
up to the rbl listings.

(for those of you who don't know how rbl's work)

Example, I see this in my auth.log:
-------------------------------------------
Sep 28 03:20:42 cerberus sshd[20136]: Address 209.50.253.203 maps to srv.warofthering.net, but this does not map back to the address - POSSIBLE BREAKIN ATTEMPT!
Sep 28 03:20:43 cerberus sshd[20171]: Invalid user cchen from 209.50.253.203
Sep 28 03:20:43 cerberus sshd[20141]: Address 209.50.253.203 maps to srv.warofthering.net, but this does not map back to the address - POSSIBLE BREAKIN ATTEMPT!
Sep 28 03:20:43 cerberus sshd[20176]: Invalid user admin from 209.50.253.203
Sep 28 03:20:44 cerberus sshd[20181]: Invalid user admin from 209.50.253.203
Sep 28 03:20:44 cerberus sshd[20186]: Invalid user admin from 209.50.253.203
-------------------------------------------

I could then submit the IP address to a RBL listing site, and then all
people who plug in to the rbl listing could update their firewalls with
the latest listing.

Just an idea, I don't know how hard it would be to do?

Dave

================

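The idea in the message above, sketched as an added example that is not part of the original post: count sshd "Invalid user" lines per source address, then express the offenders the way a DNSBL lookup and an ipset-backed iptables rule would consume them. The zone `sshbl.example.org`, the set name `sshbl` and the threshold of 3 are assumptions, and the last two sample log lines are constructed.

```python
import ipaddress
import re
from collections import Counter

# First four lines are from the excerpt above; the last two are constructed.
SAMPLE_LOG = """\
Sep 28 03:20:43 cerberus sshd[20171]: Invalid user cchen from 209.50.253.203
Sep 28 03:20:43 cerberus sshd[20176]: Invalid user admin from 209.50.253.203
Sep 28 03:20:44 cerberus sshd[20181]: Invalid user admin from 209.50.253.203
Sep 28 03:20:44 cerberus sshd[20186]: Invalid user admin from 209.50.253.203
Sep 28 03:25:10 cerberus sshd[20301]: Invalid user test from 192.0.2.15
Sep 28 03:26:02 cerberus sshd[20310]: Accepted publickey for dave from 198.51.100.7 port 50022 ssh2
"""

# The user name is chosen by the remote client, so take the address from the
# end of the line; a name containing " from 198.51.100.7" must not be trusted.
INVALID_USER = re.compile(r"sshd\[\d+\]: Invalid user .* from (\S+)(?: port \d+)?\s*$")


def offenders(log_text, threshold=3):
    """Return sorted IPv4 sources with at least `threshold` invalid-user lines."""
    counts = Counter()
    for line in log_text.splitlines():
        m = INVALID_USER.search(line)
        if not m:
            continue
        try:
            counts[str(ipaddress.IPv4Address(m.group(1)))] += 1
        except ValueError:
            continue  # not a literal IPv4 address; skip rather than guess
    return sorted(ip for ip, n in counts.items() if n >= threshold)


def dnsbl_name(ip, zone="sshbl.example.org"):
    """DNSBL convention: reversed IPv4 octets prepended to the list's zone."""
    return ".".join(reversed(ip.split("."))) + "." + zone


def ipset_restore(ips, setname="sshbl"):
    """Input for `ipset -exist restore`; one iptables rule then covers the set:
    iptables -I INPUT -p tcp --dport 22 -m set --match-set sshbl src -j DROP"""
    return "".join([f"create {setname} hash:ip\n"] + [f"add {setname} {ip}\n" for ip in ips])


if __name__ == "__main__":
    bad = offenders(SAMPLE_LOG)
    print([dnsbl_name(ip) for ip in bad])
    print(ipset_restore(bad), end="")
```

A subscriber to such a list would resolve the name returned by `dnsbl_name` and treat any answer as "listed"; the single address below the threshold and the successful login are left out of the set.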