Dionaea (nephentes successor) and Kippo (ssh honeypot) are a good start for the honeypot side. http://carnivore.it/ http://dionaea.carnivore.it/ http://code.google.com/p/kippo/ Watching the tty logs in kippo is great entertainment. Perfect way to collect the skiddies tools. As far as the automation of ACLs if you find a script out in the wild please share. I do know of the following SNORT to Cisco PIX perl script. Hope this helps. http://www.chaotic.org/guardian/ http://www.chaotic.org/guardian/scripts/pix-block.pl Regards, Ruben Guerra -----Original Message----- From: Brian R. Watters [mailto:brwatters@absfoc.com] Sent: Tuesday, January 18, 2011 1:12 PM To: nanog@nanog.org Subject: Auto ACL blocker We are looking for the following solution. Honey pot that collects attacks against SSH/FTP and so on Said attacks are then sent to a master ACL on a edge Cisco router to block all traffic from these offenders .. Of course we would require a master whitelist as well as to not be blocked from our own networks. Any current solutions or ideas ?? -- BRW