Dynamic banning of hosts

Nigel Kukard nkukard@lbsd.net
Fri, 26 Oct 2001 12:53:43 +0000 (UTC)


> > actually yes, i'm working on such a thing... basically using the idea from
> > ULOG, matching packets & sending them to a central database server... every
> > evening all the clients download these new updates and block possibly
> > dangerous hosts. say for instance a host makes requests on an unused IP
> > (we use these to detect things like Nimda), if more than 2 IPs out of our
> > multiple class C's get hit an entry is made into the database for a 7-day
> > "ban", if more than 5 hosts get hit, the server tries to get the admin
> > contact of the IP owner & sends off an email with detailed logs.
> This is very interesting.  At the moment I just use perl scripts to
> parse the log and dynamically ban, but a centralised database would be
> excellent.

ok, could all the people interested in this contact me off list so i can
basically see the demand and move it up on the list of things i must
release.


Kind regards
Nigel
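
The thresholds described in the quoted message, sketched as an added example (not code from this post or from the project it mentions). The log line layout, the list of unused addresses, and reading both thresholds as "distinct unused IPs hit by one source" are assumptions.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed for illustration: the unused (decoy) addresses being monitored.
UNUSED = {ipaddress.ip_address(a) for a in (
    "192.0.2.10", "192.0.2.77", "192.0.2.140",
    "198.51.100.5", "198.51.100.9", "198.51.100.200")}
BAN_OVER, NOTIFY_OVER, BAN_DAYS = 2, 5, 7  # thresholds taken from the message

# Constructed sample records (assumed layout): "<ISO time> SRC= DST= DPT="
SAMPLE_LOG = """\
2001-10-25T03:14:07 SRC=203.0.113.50 DST=192.0.2.10 DPT=80
2001-10-25T03:14:08 SRC=203.0.113.50 DST=192.0.2.77 DPT=80
2001-10-25T03:14:09 SRC=203.0.113.50 DST=192.0.2.140 DPT=80
2001-10-25T03:14:10 SRC=203.0.113.50 DST=198.51.100.5 DPT=80
2001-10-25T03:14:11 SRC=203.0.113.50 DST=198.51.100.9 DPT=80
2001-10-25T03:14:12 SRC=203.0.113.50 DST=198.51.100.200 DPT=80
2001-10-25T04:00:00 SRC=203.0.113.60 DST=192.0.2.10 DPT=80
2001-10-25T04:00:05 SRC=203.0.113.60 DST=192.0.2.77 DPT=80
2001-10-25T04:00:09 SRC=203.0.113.60 DST=198.51.100.5 DPT=80
2001-10-25T05:00:00 SRC=203.0.113.70 DST=192.0.2.10 DPT=80
2001-10-25T05:00:01 SRC=203.0.113.70 DST=192.0.2.10 DPT=80
2001-10-25T05:00:02 SRC=203.0.113.70 DST=192.0.2.77 DPT=80
2001-10-25T06:00:00 SRC=203.0.113.80 DST=192.0.2.25 DPT=25
2001-10-25T06:30:00 SRC=not-an-ip DST=192.0.2.10 DPT=80
"""

def parse(line):
    """Return (timestamp, src, dst), or None if the line is malformed."""
    try:
        ts, *fields = line.split()
        kv = dict(f.split("=", 1) for f in fields)
        return (datetime.fromisoformat(ts),
                ipaddress.ip_address(kv["SRC"]), ipaddress.ip_address(kv["DST"]))
    except (ValueError, KeyError):
        return None

def decide(log_text):
    """Map each offending source to its ban expiry and a notify-admin flag."""
    hits, last_seen = defaultdict(set), {}
    for ts, src, dst in filter(None, map(parse, log_text.splitlines())):
        if dst in UNUSED:  # traffic to in-use hosts is not evidence of scanning
            hits[src].add(dst)  # a set, so repeat hits on one IP count once
            last_seen[src] = max(ts, last_seen.get(src, ts))
    return {str(src): {"ban_until": last_seen[src] + timedelta(days=BAN_DAYS),
                       "notify": len(dsts) > NOTIFY_OVER}
            for src, dsts in hits.items() if len(dsts) > BAN_OVER}
```

Counting distinct destinations rather than raw packets keeps a single retried connection to one decoy address from triggering a ban.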