You know what would be seriously awesome, is if they have a type of RBL
listing for this kind of thing, and you could just link your iptables up to
the rbl listings.

(for those of you who don't know how rbl's work)

Example, I see this in my auth.log:
-------------------------------------------
Sep 28 03:20:42 cerberus sshd[20136]: Address 209.50.253.203 maps to srv.warofthering.net, but this does not map back to the address - POSSIBLE BREAKIN ATTEMPT!
Sep 28 03:20:43 cerberus sshd[20171]: Invalid user cchen from 209.50.253.203
Sep 28 03:20:43 cerberus sshd[20141]: Address 209.50.253.203 maps to srv.warofthering.net, but this does not map back to the address - POSSIBLE BREAKIN ATTEMPT!
Sep 28 03:20:43 cerberus sshd[20176]: Invalid user admin from 209.50.253.203
Sep 28 03:20:44 cerberus sshd[20181]: Invalid user admin from 209.50.253.203
Sep 28 03:20:44 cerberus sshd[20186]: Invalid user admin from 209.50.253.203
-------------------------------------------

I could then submit the IP address to a RBL listing site, and then all
people who plug in to the rbl listing could update their firewalls with the
latest listing.

Just an idea, I don't know how hard it would be to do?

Dave

================
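
The workflow described in the message above, sketched as an added example (not part of the original post): find repeat offenders in auth.log, form the DNSBL-style lookup name for each, and produce the iptables rule a subscriber could apply. The zone `sshbl.example.org`, the threshold of 3, and the 192.0.2.10 log line are assumptions made for illustration; the example handles IPv4 only.

```python
import ipaddress
import re
from collections import Counter

# Hypothetical DNSBL zone (assumption); a real setup uses the zone of a list it trusts.
DNSBL_ZONE = "sshbl.example.org"

# "Invalid user" lines from the post, plus one constructed line (192.0.2.10)
# that stays below the reporting threshold.
SAMPLE_LOG = """\
Sep 28 03:20:43 cerberus sshd[20171]: Invalid user cchen from 209.50.253.203
Sep 28 03:20:43 cerberus sshd[20176]: Invalid user admin from 209.50.253.203
Sep 28 03:20:44 cerberus sshd[20181]: Invalid user admin from 209.50.253.203
Sep 28 03:20:44 cerberus sshd[20186]: Invalid user admin from 209.50.253.203
Sep 28 03:21:02 cerberus sshd[20190]: Invalid user test from 192.0.2.10
"""

# The user name is supplied by the client, so take the address after the
# LAST " from " on the line; newer sshd versions also append " port N".
INVALID_USER = re.compile(r"sshd\[\d+\]: Invalid user .* from (\S+)(?: port \d+)?$")

def offenders(log_text, threshold=3):
    """Return IPv4 sources with at least `threshold` 'Invalid user' lines."""
    counts = Counter()
    for line in log_text.splitlines():
        m = INVALID_USER.search(line)
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # field is not an IP literal; never list it
        if ip.version == 4:
            counts[str(ip)] += 1
    return sorted(ip for ip, n in counts.items() if n >= threshold)

def dnsbl_name(ip, zone=DNSBL_ZONE):
    """DNSBL convention: reverse the IPv4 octets and append the list's zone."""
    return ".".join(reversed(ip.split("."))) + "." + zone

def iptables_rule(ip):
    """Rule text for a listed address; validated, but not executed here."""
    return f"iptables -A INPUT -s {ipaddress.IPv4Address(ip)} -p tcp --dport 22 -j DROP"

if __name__ == "__main__":
    for ip in offenders(SAMPLE_LOG):
        print(ip, dnsbl_name(ip), iptables_rule(ip), sep="\n  ")
```

A subscriber would resolve the name returned by `dnsbl_name` against the list's zone; by DNSBL convention an answer means the address is listed and NXDOMAIN means it is not.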