From: Larry Smith [mailto:lesmith@ecsis.net] Sent: Tuesday, January 18, 2011 8:32 PM
On Tue January 18 2011 13:12, Brian R. Watters wrote:
We are looking for the following solution.
Honey pot that collects attacks against SSH/FTP and so on
Said attacks are then sent to a master ACL on a edge Cisco router to block all traffic from these offenders ..
Of course we would require a master whitelist as well as to not be blocked from our own networks.
Any current solutions or ideas ??
Private BGP session with Zebra or Quagga on a linux box adding the selected IP to a null route.
As we currently do it by putting new rules automatically in firewalls (iptables) it should be easy to change it a little bit I think. After the change it should be able to put rules in Zebra/Quagga (or something similar based on Linux/Unix). As long as telnet access is available it should also be doable to put it automatically in routers without the need of a setup with BGP and Zebra/Quagga. We are currently looking for ways to increase the list with "abusive" systems to block. If someone wants to work together with us on increasing the mentioned options feel free to contact me offlist. How we get the data currently (from multiple sources) or how the process currently work isn't something I can currently mention here (at least not the details). Regards, Mark