You know what would be seriously awesome, is if they have a type of RBL listing for this kind of thing, and you could just link your iptables up to the rbl listings.

(for those of you who don't know how RBLs work)

Example, I see this in my auth.log:
-------------------------------------------
Sep 28 03:20:42 cerberus sshd[20136]: Address 209.50.253.203 maps to srv.warofthering.net, but this does not map back to the address - POSSIBLE BREAKIN ATTEMPT!
Sep 28 03:20:43 cerberus sshd[20171]: Invalid user cchen from 209.50.253.203
Sep 28 03:20:43 cerberus sshd[20141]: Address 209.50.253.203 maps to srv.warofthering.net, but this does not map back to the address - POSSIBLE BREAKIN ATTEMPT!
Sep 28 03:20:43 cerberus sshd[20176]: Invalid user admin from 209.50.253.203
Sep 28 03:20:44 cerberus sshd[20181]: Invalid user admin from 209.50.253.203
Sep 28 03:20:44 cerberus sshd[20186]: Invalid user admin from 209.50.253.203
-------------------------------------------

I could then submit the IP address to an RBL listing site, and then all people who plug in to the RBL listing could update their firewalls with the latest listing.

Just an idea, I don't know how hard it would be to do?

Dave
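
The idea in the post above, sketched as an added example that is not part of the original message: pull repeat "Invalid user" sources out of auth.log, build the DNSBL-style lookup name for each, and generate the matching iptables rules. The zone `sshbl.example.org`, the threshold of 3 and all function names are assumptions made for illustration; the post names no actual list.

```python
import ipaddress
import re
import socket
from collections import Counter

# Greedy ".*" plus "$" takes the LAST "from <addr>" on the line: the username
# is supplied by the remote side and may itself contain " from 192.0.2.7".
INVALID_USER = re.compile(r"sshd\[\d+\]: Invalid user .* from (\S+)(?: port \d+)?$")

def offenders(log_lines, threshold=3):
    """IPv4 sources with at least `threshold` 'Invalid user' lines."""
    hits = Counter()
    for line in log_lines:
        m = INVALID_USER.search(line.rstrip())
        if not m:
            continue
        try:
            hits[ipaddress.IPv4Address(m.group(1))] += 1
        except ValueError:
            continue  # hostname, IPv6 or garbage: out of scope for this sketch
    return sorted(ip for ip, n in hits.items() if n >= threshold)

def dnsbl_name(ip, zone):
    """DNSBL convention: reversed octets prepended to the list's zone."""
    return ".".join(reversed(str(ip).split("."))) + "." + zone

def is_listed(ip, zone, resolve=socket.gethostbyname):
    """Listed means the lookup name resolves to an address in 127.0.0.0/8."""
    try:
        answer = ipaddress.IPv4Address(resolve(dnsbl_name(ip, zone)))
    except (OSError, ValueError):
        return False  # NXDOMAIN or lookup failure: treat as not listed
    return answer in ipaddress.ip_network("127.0.0.0/8")

def drop_rules(ips):
    """iptables commands (returned, not executed) dropping SSH from each IP."""
    return [f"iptables -I INPUT -s {ip} -p tcp --dport 22 -j DROP" for ip in ips]

ZONE = "sshbl.example.org"  # hypothetical zone, not a real list
# Constructed sample: three lines from the post plus one with a crafted username.
SAMPLE = [
    "Sep 28 03:20:43 cerberus sshd[20171]: Invalid user cchen from 209.50.253.203",
    "Sep 28 03:20:43 cerberus sshd[20176]: Invalid user admin from 209.50.253.203",
    "Sep 28 03:20:44 cerberus sshd[20181]: Invalid user admin from 209.50.253.203",
    "Sep 28 03:20:45 cerberus sshd[20190]: Invalid user x from 192.0.2.7 from 209.50.253.203",
]

if __name__ == "__main__":
    for rule in drop_rules(offenders(SAMPLE)):
        print(rule)
```

Anyone able to submit to such a list can get other hosts firewalled, so a real service would need to vet submissions before publishing them.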
