First of all, let me sum up how and why I came up with this idea. This morning, while lurking on various newsgroups, I found the following link:

http://www.theregister.co.uk/2008/09/03/cyber_crime_reports/

Now, maybe "The Register" isn't the most trustworthy source of information around, but they made a good point; what raised my interest in any case was one of the linked reports, that is

http://hostexploit.com/downloads/Atrivo%20white%20paper%20082808ac.pdf

Now, while looking at it, I came up with an idea: if you know that a given ASN is *bad*, why not just set things up so that you refuse emails from that ASN? I know that's a "null routing" task, but sometimes, for various reasons, you can't just redirect all the packets from a given ASN to the sink, so why not add to ASSP the ability to filter by AS number? We already have the FBMTV mechanism, which is unique to ASSP, so why don't we add another unique feature like that :) ?

To make a long story short, here's how such a feature may work. Let's say you have an additional section inside the ASSP control panel reading "ASNumber filtering" (or whatever Fritz would like to call it); the section may be something like

*dropdown*: ASNumber filter: disable/monitor/score/block
*textbox*: Origin ASN to be filtered: .....
*textbox*: Peer ASN to be filtered: ....
*textbox*: Reject message for bad ASNs: ....

The dropdown will allow you to disable/enable the filter and tell ASSP how to use it (monitor/score/block), while the two other textboxes will allow you to enter a list of AS numbers (separated by pipe) which will be filtered by ASSP; and btw the third box will allow you to enter a message to be used to reject incoming sessions in case the filter is set to block.

To set up the filtering, my first idea was to use the DNS lists published by Team Cymru here

http://www.team-cymru.org/Services/ip-to-asn.html

but, while reading the above page, I found that there already is a ppm which will query those lists and ease things; I'm referring to

http://search.cpan.org/~mikegrb/Net-Abuse-Utils/lib/Net/Abuse/Utils.pm

So, the idea is to use the above ppm to obtain the ASN from the IP and then allow ASSP to make a decision about the incoming session, basing its judgement on the AS number, or at least to score the incoming email in case the ASN is a "bad" one.

Comments welcome

_______________________________________________
Assp-test mailing list
https://lists.sourceforge.net/lists/listinfo/assp-test
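
A sketch of the filter proposed in the message above, added here as an illustration; it is not ASSP code and not the poster's. It builds the Team Cymru origin/peer DNS query names for a connecting IP, parses the pipe-delimited TXT answers, and applies the disable/monitor/score/block setting. The function names, the %cfg keys, the reject text and the sample IP, ASNs and TXT answers (documentation ranges) are all assumptions; in a real deployment the TXT answers would come from a DNS lookup or from Net::Abuse::Utils.

```perl
use strict;
use warnings;

# Hypothetical settings mirroring the proposed control-panel fields (constructed values).
my %cfg = (
    mode   => 'block',        # disable | monitor | score | block
    origin => '64500|64501',  # pipe-separated origin ASNs to filter
    peer   => '64510',        # pipe-separated peer ASNs to filter
    reject => '554 5.7.1 Mail from your network is not accepted',
);

# Build the Team Cymru query name for an IPv4 address; $zone is 'origin' or 'peer'.
sub cymru_qname {
    my ($ip, $zone) = @_;
    my @o = $ip =~ /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/ or return;
    return if grep { $_ > 255 } @o;
    return join('.', reverse @o) . ".$zone.asn.cymru.com";
}

# Extract the ASN list from a TXT answer: "ASN [ASN ...] | prefix | CC | registry | date".
sub asns_from_txt {
    my ($txt) = @_;
    my ($first) = split /\s*\|\s*/, $txt // '';
    return grep { /^\d+$/ } split ' ', $first // '';
}

# Return (action, detail) for a session, given the origin and peer TXT answers.
sub asn_verdict {
    my ($cfg, $origin_txt, $peer_txt) = @_;
    return ('pass', '') if $cfg->{mode} eq 'disable';
    my %bad_o = map { $_ => 1 } split /\|/, $cfg->{origin};
    my %bad_p = map { $_ => 1 } split /\|/, $cfg->{peer};
    my @hits = (map("origin AS$_", grep { $bad_o{$_} } asns_from_txt($origin_txt)),
                map("peer AS$_",   grep { $bad_p{$_} } asns_from_txt($peer_txt)));
    return ('pass', '') unless @hits;
    my $why = join ', ', @hits;
    return ('log', $why)   if $cfg->{mode} eq 'monitor';
    return ('score', $why) if $cfg->{mode} eq 'score';
    return ('reject', "$cfg->{reject} ($why)");
}

# Constructed sample: the IP and both TXT answers are made-up documentation values.
my $ip = '192.0.2.25';
print "origin query: ", cymru_qname($ip, 'origin'), "\n";
print "peer query:   ", cymru_qname($ip, 'peer'), "\n";
my ($action, $detail) = asn_verdict(\%cfg,
    '64500 | 192.0.2.0/24 | ZZ | arin | 2008-01-01',
    '64496 64510 | 192.0.2.0/24 | ZZ | arin | 2008-01-01');
print "$action: $detail\n";
```

A failed or empty lookup yields no ASNs and therefore a pass, so a DNS outage at the lookup service does not block mail.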
