LOL.. oops.. I guess I could just use 65xxx.
-Original Message-
From: Thomas Magill [mailto:tmag...@providecommerce.com]
Sent: Tuesday, January 18, 2011 5:23 PM
To: m...@kenweb.org; nanog@nanog.org
Subject: RE: Auto ACL blocker
-Original Message-
From: ML [mailto:m...@kenweb.org
-Original Message-
From: ML [mailto:m...@kenweb.org]
Sent: Tuesday, January 18, 2011 4:28 PM
To: nanog@nanog.org
Subject: Re: Auto ACL blocker
> I know Spamhaus doesn't offer a BGP feed of the DROP list. Has anyone
> made a homegrown solution?
"DROP is currently ava
On 1/18/2011 6:48 PM, Thomas Magill wrote:
Also, have you considered just using the spamhaus DROP list? They even have
code to have the list pushed to IOS available. You could simply substitute
your file for their list if you only want to use IPs caught by your honeypot.
http://www.spamhaus.
-Original Message-
From: Brian R. Watters [mailto:brwatt...@absfoc.com]
Sent: Tuesday, January 18, 2011 11:12 AM
To: nanog@nanog.org
Subject: Auto ACL blocker
We are looking for the following solution.
Honey pot that collects attacks against SSH/FTP and so on
Said attacks are then sent
> From: Larry Smith [mailto:lesm...@ecsis.net]
> Sent: Tuesday, January 18, 2011 8:32 PM
>
> On Tue January 18 2011 13:12, Brian R. Watters wrote:
> > We are looking for the following solution.
> >
> > Honey pot that collects attacks against SSH/FTP and so on
> >
> > Said attacks are then sent to
> From: Brian R. Watters
> Sent: Tuesday, January 18, 2011 1:14 PM
> To: Dorn Hetzel
> Cc: nanog@nanog.org
> Subject: Re: Auto ACL blocker
>
> Agreed, time to live in the ACL is critical as well .. this is primary
> to be used to stop sweeps and penetration testing ..
Dorn Hetzel " < dorn @ hetzel .org>
To: "Brian R. Watters " < brwatters @ absfoc .com>
Cc: nanog @ nanog .org, "Ronald Bonica " < rbonica @juniper.net>
Sent: Tuesday, January 18, 2011 1:01:43 PM
Subject: Re: Auto ACL blocker
One suspects this sort
t;Joe Blanchard"
To: "Brian R. Watters"
Cc: nanog@nanog.org
Sent: Tuesday, January 18, 2011 12:19:24 PM
Subject: Re: Auto ACL blocker
On Tue, Jan 18, 2011 at 1:12 PM, Brian R. Watters < brwatt...@absfoc.com >
wrote:
We are looking for the following solution.
Honey
On Tue, Jan 18, 2011 at 1:12 PM, Brian R. Watters wrote:
> We are looking for the following solution.
>
> Honey pot that collects attacks against SSH/FTP and so on
>
> Said attacks are then sent to a master ACL on a edge Cisco router to block
> all traffic from these offenders ..
>
> Of course we
January 18, 2011 11:55:28 AM
Subject: RE: Auto ACL blocker
Brian,
Have you thought about what a bad guy might do if he knew that you had such a
policy deployed? Is there a way that the bad guy might turn the policy against
you?
Ron
>
atters [mailto:brwatt...@absfoc.com]
> Sent: Tuesday, January 18, 2011 2:12 PM
> To: nanog@nanog.org
> Subject: Auto ACL blocker
>
> We are looking for the following solution.
>
> Honey pot that collects attacks against SSH/FTP and so on
>
> Said attacks are then sent to a mas
the honeypot to
export the right format.
-Original Message-
From: Brian R. Watters [mailto:brwatt...@absfoc.com]
Sent: Tuesday, January 18, 2011 11:12 AM
To: nanog@nanog.org
Subject: Auto ACL blocker
We are looking for the following solution.
Honey pot that collects attacks against SSH
On Tue January 18 2011 13:12, Brian R. Watters wrote:
> We are looking for the following solution.
>
> Honey pot that collects attacks against SSH/FTP and so on
>
> Said attacks are then sent to a master ACL on a edge Cisco router to block
> all traffic from these offenders ..
>
> Of course we woul
send/expect?
On Jan 18, 2011, at 2:12 PM, Brian R. Watters wrote:
> We are looking for the following solution.
>
> Honey pot that collects attacks against SSH/FTP and so on
>
> Said attacks are then sent to a master ACL on a edge Cisco router to block
> all traffic from these offenders ..
>
> Of
On Jan 18, 2011, at 1:12 PM, Brian R. Watters wrote:
> Any current solutions or ideas ??
This sort of thing can be gamed by attackers to cause DoS on your network/for
your users/for others trying to access resources on your network. It's a Bad
Idea.
Set up S/RTBH and do it by hand.
---
R. Watters [mailto:brwatt...@absfoc.com]
Sent: Tuesday, January 18, 2011 1:12 PM
To: nanog@nanog.org
Subject: Auto ACL blocker
We are looking for the following solution.
Honey pot that collects attacks against SSH/FTP and so on
Said attacks are then sent to a master ACL on a edge Cisco router
We are looking for the following solution.
Honey pot that collects attacks against SSH/FTP and so on
Said attacks are then sent to a master ACL on a edge Cisco router to block all
traffic from these offenders ..
Of course we would require a master whitelist as well as to not be blocked from
17 matches
Mail list logo
