Auto ACL blocker
- Subject: Auto ACL blocker
- From: tmagill at providecommerce.com (Thomas Magill)
- Date: Tue, 18 Jan 2011 19:32:01 +0000
I would consider doing it through BGP via Quagga or such. Nullrouting with BGP is much cleaner than ACLs, as your config stays static and only your routing table changes. I also imagine that, due to existing BGP blacklisting methods, much of the work is already done and all you need is to get the honeypot to export the right format.
-----Original Message-----
From: Brian R. Watters [mailto:brwatters at absfoc.com]
Sent: Tuesday, January 18, 2011 11:12 AM
To: nanog at nanog.org
Subject: Auto ACL blocker
We are looking for the following solution.
Honey pot that collects attacks against SSH/FTP and so on
Said attacks are then sent to a master ACL on an edge Cisco router to block all traffic from these offenders.
Of course we would require a master whitelist as well as to not be blocked from our own networks.
Any current solutions or ideas?
--
BRW
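
The workflow discussed in this thread (honeypot hits, a master whitelist, null routes instead of ACL edits), sketched as an added example that is not part of either message. The log format, addresses, threshold and function names are constructed assumptions; the emitted lines are zebra static routes to `null0`, on the assumption that bgpd redistributes them to the edge router.

```python
import ipaddress
import re
from collections import Counter

# Constructed honeypot log lines (hypothetical format, documentation addresses).
SAMPLE_LOG = """\
2011-01-18T19:01:02Z ssh auth-fail src=203.0.113.7 user=root
2011-01-18T19:01:05Z ssh auth-fail src=203.0.113.7 user=admin
2011-01-18T19:01:09Z ftp auth-fail src=203.0.113.7 user=ftp
2011-01-18T19:02:11Z ssh auth-fail src=198.51.100.20 user=root
2011-01-18T19:02:12Z ssh auth-fail src=198.51.100.20 user=test
2011-01-18T19:02:13Z ssh auth-fail src=198.51.100.20 user=oracle
2011-01-18T19:03:00Z ssh auth-fail src=192.0.2.44 user=root
2011-01-18T19:03:30Z ssh auth-fail src=not-an-ip user=root
"""

# Master whitelist (constructed): our own networks must never be null-routed.
WHITELIST = [ipaddress.ip_network(n) for n in ("198.51.100.0/24", "10.0.0.0/8")]
SRC_RE = re.compile(r"\bsrc=(\S+)")

def offenders(log_text, threshold=3):
    """Return /32 networks with >= threshold hits, excluding whitelisted sources."""
    hits = Counter()
    for line in log_text.splitlines():
        m = SRC_RE.search(line)
        if not m:
            continue
        try:
            addr = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # malformed source field: never turn it into a route
        if addr.version != 4:
            continue  # the 'ip route' lines emitted below are IPv4 only
        hits[addr] += 1
    return {ipaddress.ip_network(a) for a, n in hits.items()
            if n >= threshold and not any(a in w for w in WHITELIST)}

def route_changes(current, wanted):
    """Diff installed blackholes against the wanted set; emit zebra config lines."""
    add = [f"ip route {p} null0" for p in sorted(wanted - current)]
    drop = [f"no ip route {p} null0" for p in sorted(current - wanted)]
    return add + drop

if __name__ == "__main__":
    installed = {ipaddress.ip_network("192.0.2.99/32")}  # constructed prior state
    for line in route_changes(installed, offenders(SAMPLE_LOG)):
        print(line)
```

A null route drops traffic sent toward the offender; dropping packets that arrive from it on the edge router additionally needs loose-mode uRPF there.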