Dynamic banning of hosts
Fri, 26 Oct 2001 16:58:02 +0200
This is such a bad idea. Think of the following nmap command:
Wouldn't that have sort of the wrong effect on your system?
Just a simple question.
> -----Original Message-----
> From: Nigel Kukard [mailto:email@example.com]
> Sent: 26 October 2001 02:54
> To: Netfilter Development List
> Subject: Dynamic banning of hosts
> > > actually yes, i'm working on such a thing... basically using the idea
> > > from ULOG, matching packets & sending them to a central database
> > > server... every evening all the clients download these new updates and
> > > block possibly dangerous hosts. say for instance a host makes requests
> > > on an unused ip (we use these to detect things like Nimda), if more
> > > than 2 ip's out of our multiple class C's gets hit an entry is made
> > > into the database for 7 day "ban", if more than 5 hosts get hit, the
> > > server tries to get the admin contact of the ip owner & sends off an
> > > email with detailed logs.
> > This is very interesting. At the moment I just use perl scripts to
> > parse the log and dynamically ban, but a centralised database would be
> > excellent.
> ok, could all the people interested in this contact me off list so i can
> basically see the demand and move it up on the list of things i must
> Kind regards
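
The thresholds described in the quoted message (more than 2 unused addresses hit gives a 7-day ban, more than 5 triggers a mail to the address owner), sketched in Python as an added example that is not code from the thread or from any netfilter tool. The addresses, the log tuple layout and the `NEVER_BAN` set are assumptions; `NEVER_BAN` is added here as a guard against the automatic ban working against the system itself, the concern the reply raises.

```python
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

BAN_AFTER = 2       # ban when MORE than 2 unused addresses are hit
NOTIFY_AFTER = 5    # contact the owner when MORE than 5 are hit
BAN_DAYS = 7

# Constructed values from the documentation ranges, not from the thread.
UNUSED = {ip_address(f"192.0.2.{n}") for n in range(10, 20)}
NEVER_BAN = [ip_network("198.51.100.0/28")]   # assumption: own gateways, resolvers

def evaluate(events):
    """events: (timestamp, src, dst) tuples from the packet log.
    Returns {src: decision} for sources over the ban threshold."""
    hits, last_seen = {}, {}
    for ts, src, dst in events:
        if ip_address(dst) not in UNUSED:
            continue                           # traffic to live hosts is not evidence
        hits.setdefault(src, set()).add(dst)   # distinct targets, repeats count once
        last_seen[src] = max(ts, last_seen.get(src, ts))
    decisions = {}
    for src, dsts in hits.items():
        if len(dsts) <= BAN_AFTER:
            continue
        protected = any(ip_address(src) in net for net in NEVER_BAN)
        decisions[src] = {
            "targets": len(dsts),
            # Source addresses in a log can be forged, so protected ranges are
            # queued for a human instead of being banned automatically.
            "ban_until": None if protected else last_seen[src] + timedelta(days=BAN_DAYS),
            "notify_owner": len(dsts) > NOTIFY_AFTER and not protected,
            "needs_review": protected,
        }
    return decisions

def sample_events():
    """Constructed log: four sources probing the unused range."""
    t0 = datetime(2001, 10, 26, 2, 0)
    probe = lambda src, last_octets: [
        (t0 + timedelta(minutes=i), src, f"192.0.2.{n}") for i, n in enumerate(last_octets)]
    return (probe("203.0.113.5", [10, 11, 12, 12])       # 3 distinct -> ban
            + probe("203.0.113.9", range(10, 16))        # 6 distinct -> ban + notify
            + probe("203.0.113.7", [10, 11, 200])        # 2 unused, 1 live -> nothing
            + probe("198.51.100.1", [10, 11, 12, 13]))   # protected -> review only

if __name__ == "__main__":
    for src, d in evaluate(sample_events()).items():
        print(src, d)
```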