[Charlug] IP Ranges to block

nkr1ptd nkr1ptd at gmail.com
Tue Jan 27 09:55:51 EST 2009


As a full-time security guy, I typically recommend to my clients using SANS,
as they are very well versed in analyzing all kinds of firewall/IDS/IPS data
to trend the information.  They can also help you out if you are getting hit
from a particular IP address.  They have a top 10 each day, and many times I
have seen it updated more often. This may help:

http://www.dshield.org/top10.html

-brandon

On Mon, Jan 26, 2009 at 8:50 PM, Jason Edgecombe <jason at rampaginggeek.com> wrote:

> Oleg Kio wrote:
>
>> I remember reading about an app or a script that would dynamically modify
>> iptables rules based on certain criteria. For example, if someone has X
>> number of unsuccessful attempts to connect to FTP within a given timeframe
>> it would add that IP to iptables drop list either temporarily or
>> permanently.
>>
>> Has anyone used that? Does it work well?
>>
>> Oleg
>>
>>
> I use fail2ban ( http://www.fail2ban.org/ ) for ssh traffic. It works
> well.
>
> It blocks for 5 minutes, which is usually enough. Any fixed list will
> quickly go out of date.
>
> Unfortunately, the botnets have started to get around these defenses by
> only probing once per zombie machine.
>
> Jason



--
-------------------------
People have a tendency to do the things they hate the most, but somehow the
only time they never see it is when they are looking in the mirror. -
Brandon L Newport
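
Added example, not part of the original thread and not fail2ban's own code: a minimal Python sketch of the threshold-and-ban logic described in the quoted messages, using the 5-minute ban mentioned there. The retry count, the 10-minute counting window, the function names and the sshd-style log lines are constructed assumptions; the second sample shows why one probe per source address never trips a per-IP threshold.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# sshd-style failed-login line: timestamp, host, then the source address.
FAILED = re.compile(
    r"^(\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: Failed password for .* from (\S+) port")

def parse(line, year=2009):
    """Return (timestamp, source_ip) for a failed login, else None."""
    m = FAILED.match(line)
    if not m:
        return None
    # Syslog timestamps carry no year, so one is supplied (assumption).
    return datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S"), m.group(2)

def find_bans(lines, max_retry=3, find_time=timedelta(minutes=10),
              ban_time=timedelta(minutes=5)):
    """Ban an IP after max_retry failures inside find_time; ban lasts ban_time."""
    recent = defaultdict(deque)   # ip -> timestamps of recent failures
    banned_until = {}             # ip -> time the current ban expires
    bans = []
    for line in lines:
        hit = parse(line)
        if hit is None:
            continue
        ts, ip = hit
        if ip in banned_until and ts < banned_until[ip]:
            continue              # still banned: the firewall would drop this
        window = recent[ip]
        window.append(ts)
        while ts - window[0] > find_time:
            window.popleft()      # forget failures older than the window
        if len(window) >= max_retry:
            banned_until[ip] = ts + ban_time
            bans.append((ip, ts, ts + ban_time))
            window.clear()
    return bans

# Constructed sample: one address failing three times in a few seconds.
BRUTE_FORCE = [
    f"Jan 26 20:50:0{s} host sshd[4101]: Failed password for root "
    f"from 198.51.100.7 port 40022 ssh2" for s in (1, 3, 5)]
# Constructed sample: five addresses, one failed attempt each.
DISTRIBUTED = [
    f"Jan 26 20:51:0{n} host sshd[4102]: Failed password for root "
    f"from 203.0.113.{n} port 40022 ssh2" for n in range(1, 6)]

if __name__ == "__main__":
    print("single source:", find_bans(BRUTE_FORCE))
    print("one probe per source:", find_bans(DISTRIBUTED))
```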