18 Jan
2011
18 Jan
'11
3:19 p.m.
On Tue, Jan 18, 2011 at 1:12 PM, Brian R. Watters <brwatters@absfoc.com>wrote:
We are looking for the following solution.
Honey pot that collects attacks against SSH/FTP and so on
Said attacks are then sent to a master ACL on a edge Cisco router to block all traffic from these offenders ..
Of course we would require a master whitelist as well as to not be blocked from our own networks.
Any current solutions or ideas ??
--
BRW
A good start from the honeypot would be sshguard. I'm sure that it could be adapted to script out an ACL or such, as well in my usage of it it has timed values to release the block after X_amount_of_time . I'd be curious as to what other(s) you find for this. -Joe Blanchard