You guys are completely on the right track. The only other thing I'd do is add some kind of logging system so that if an IP gets blacklisted, we can show WHY it got blacklisted. (X brute force attaches / second, etc - example passwords tried, etc.) This way if a system gets blocked that is legitimate, "we" can examine the evidence and see if the claims of legitimacy are valid etc.
 | | | Andrew M. Lauppe
Consultant |
| 4051B Executive Park Dr.
Harrisburg, PA 17111
+1 (877) OS-LINUX x23
+1 (484) 421-9919 direct | |
Darren Wiebe wrote:
JR Richardson wrote:
No matter how the system is set up there should be a way to easily add known-good IP as they relate to a particular installation.
The Project Honey Pot looks great. I'm not too keen on white listing though. It would be hard to verify an attacker's IP's that hasn't been identified as bad yet. I'm sure some hackers would troll the black list and try to add their IP's as known good. I don't think this would be some automated mechanism for PBX server subscription, at least not yet. I'm thinking more along the lines of a central list, updated by community participants, to add IP's that have attacked them, with date/time of the attack. It would be up to the PBX admin to employ a filter with those black listed IP's or disregard the list all together. Thanks JR -- JR Richardson Engineering for the Masses _______________________________________________ --Bandwidth and Colocation Provided by http://www.api-digital.com-- asterisk-biz mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-biz
This program is specific to SSH but we've been very, very happy with the way that the denyhosts program works. It shares a list of ip addresses with a central server. However, it's easy to add your own whitelist that your system uses. I envision the same sort of functionality here.
Posts
No comments:
Post a Comment