| 1 |
You know what would be seriously awesome, is if they have a type of RBL |
| 2 |
listing for this kind of thing, and you could just link your iptables up to |
| 3 |
the rbl listings. |
| 4 |
|
| 5 |
(for those of you who don't know how rbl's work) |
| 6 |
|
| 7 |
Example, I see this in my auth.log: |
| 8 |
------------------------------------------- |
| 9 |
Sep 28 03:20:42 cerberus sshd[20136]: Address |
| 10 |
209.50.253.203<http://209.50.253.203>maps to |
| 11 |
srv.warofthering.net <http://srv.warofthering.net>, but this does not map |
| 12 |
back to the address - POSSIBLE BREAKIN ATTEM |
| 13 |
PT! |
| 14 |
Sep 28 03:20:43 cerberus sshd[20171]: Invalid user cchen from |
| 15 |
209.50.253.203<http://209.50.253.203> |
| 16 |
Sep 28 03:20:43 cerberus sshd[20141]: Address |
| 17 |
209.50.253.203<http://209.50.253.203>maps to |
| 18 |
srv.warofthering.net <http://srv.warofthering.net>, but this does not map |
| 19 |
back to the address - POSSIBLE BREAKIN ATTEM |
| 20 |
PT! |
| 21 |
Sep 28 03:20:43 cerberus sshd[20176]: Invalid user admin from |
| 22 |
209.50.253.203<http://209.50.253.203> |
| 23 |
Sep 28 03:20:44 cerberus sshd[20181]: Invalid user admin from |
| 24 |
209.50.253.203<http://209.50.253.203> |
| 25 |
Sep 28 03:20:44 cerberus sshd[20186]: Invalid user admin from |
| 26 |
209.50.253.203<http://209.50.253.203> |
| 27 |
------------------------------------------- |
| 28 |
|
| 29 |
I could then submit the IP address to a RBL listing site, and then all |
| 30 |
people who plugin to the rbl listing could update their firewalls with the |
| 31 |
latest listing. |
| 32 |
|
| 33 |
Just an idea, i dont know how hard it would be to do? |
| 34 |
|
| 35 |
Dave |
| 36 |
|
| 37 |
================ |
Archives