Gentoo Logo
Gentoo Spaceship




Note: Due to technical difficulties, the Archives are currently not up to date. GMANE provides an alternative service for most mailing lists.
c.f. bug 424647
List Archive: gentoo-security
Navigation:
Lists: gentoo-security: < Prev By Thread Next > < Prev By Date Next >
Headers:
To: gentoo-security@g.o
From: Dave Strydom <strydom.dave@...>
Subject: Re: [OT?] automatically firewalling off IPs
Date: Tue, 4 Oct 2005 10:55:13 +0200
You know what would be seriously awesome, is if they have a type of RBL
listing for this kind of thing, and you could just link your iptables
up to the rbl listings.<br>
<br>
(for those of you who don't know how rbl's work)<br>
<br>
Example, I see this in my auth.log:<br>
-------------------------------------------<br>
Sep 28 03:20:42 cerberus sshd[20136]: Address <a href="http://209.50.253.203">209.50.253.203</a> maps to
<a href="http://srv.warofthering.net">srv.warofthering.net</a>, but this does not map back to the address -
POSSIBLE BREAKIN ATTEM<br>
PT!<br>
Sep 28 03:20:43 cerberus sshd[20171]: Invalid user cchen from <a href="http://209.50.253.203">209.50.253.203</a><br>
Sep 28 03:20:43 cerberus sshd[20141]: Address <a href="http://209.50.253.203">209.50.253.203</a> maps to
<a href="http://srv.warofthering.net">srv.warofthering.net</a>, but this does not map back to the address -
POSSIBLE BREAKIN ATTEM<br>
PT!<br>
Sep 28 03:20:43 cerberus sshd[20176]: Invalid user admin from <a href="http://209.50.253.203">209.50.253.203</a><br>
Sep 28 03:20:44 cerberus sshd[20181]: Invalid user admin from <a href="http://209.50.253.203">209.50.253.203</a><br>
Sep 28 03:20:44 cerberus sshd[20186]: Invalid user admin from <a href="http://209.50.253.203">209.50.253.203</a><br>
-------------------------------------------<br>
<br>
I could then submit the IP address to a RBL listing site, and then all
people who plugin to the rbl listing could update their firewalls with
the latest listing.<br>
<br>
Just an idea, i dont know how hard it would be to do?<br>
<br>
Dave<br>
<br>
================<br>
<br>
Replies:
Re: [OT?] automatically firewalling off IPs
-- Robert Larson
Re: [OT?] automatically firewalling off IPs
-- Kyle Lutze
References:
[OT?] automatically firewalling off IPs
-- Jeremy Brake
Re: [OT?] automatically firewalling off IPs
-- Jeremy Brake
Re: [OT?] automatically firewalling off IPs
-- Joerg Mertin
Navigation:
Lists: gentoo-security: < Prev By Thread Next > < Prev By Date Next >
Previous by thread:
Re: [OT?] automatically firewalling off IPs
Next by thread:
Re: [OT?] automatically firewalling off IPs
Previous by date:
Re: [OT?] automatically firewalling off IPs
Next by date:
Re: [OT?] automatically firewalling off IPs


Updated Oct 31, 2011

Summary: Archive of the gentoo-security mailing list.

Donate to support our development efforts.

Copyright 2001-2013 Gentoo Foundation, Inc. Questions, Comments? Contact us.