I have and I am also running something like that - I wrote a TCL script that does exactly what you're talking about...

Its features are:

  Routes IPs into the 'route add -blackhole' almost immediately.
  Runs continuously based on Tcl's fileevent (so as not to suck CPU time)
  Keeps a table in /tmp with timestamps for system reboot recovery of table
  Blackholes IPs for 7 days at present (removes/updates stale entries)
  Can easily watch for other items as well. (I look for NOQUEUE: Possible Attack)

So far, it's been working really well... results can be seen at:

http://www.benjammin.net/www/pages/spam/cgi-bin/show-blackhole-list

The list is about half of what it normally is at... (about 60-80 entries)

If anyone would like a copy, I'd be happy to oblige.. It's a little longer than Dave's script. Email me directly if interested...


-Ben


David F. Skoll wrote:
Hi,

Are MIMEDefang list denizens seeing a huge increase in dictionary attacks?
I know I am.

Below is a shell script I run from cron every 5 minutes to firewall off
hosts doing harvesting.  It's Linux-specific, but can easily be
adapted for other systems.

