Date: Mon, 24 Jun 2002 19:49:18 -0400 From: Klaus Steden <klaus@compt.com> To: freebsd-security@FreeBSD.ORG Subject: Re: automated blackholing Message-ID: <20020624194918.N589@cthulu.compt.com> In-Reply-To: <20020624183614.J589@cthulu.compt.com>; from klaus@compt.com on Mon, Jun 24, 2002 at 06:36:14PM -0400 References: <20020624183614.J589@cthulu.compt.com>
Okay, my apologies. I should have clarified what I'm looking to implement ...

Essentially, it's this - I've got a list of clients I deny FTP access to by default (from my /etc/hosts.deny file). I'd sooner just blackhole them, but some are from large netblocks, and I'd rather blackhole individual IPs as they show up. Maybe I'm using the velvet gloves when it's not necessary, but anyway ...

I was discussing this with an acquaintance who uses portsentry, configured to blackhole immediately anyone connecting to a port with no service running on it (i.e. the echo port). My situation is a little different, in that I've got a service actually running (FTP) that people need to connect to legitimately, but I'd like to blackhole illegitimate requests as they appear, rather than using TCP wrappers to disconnect them.

I'm looking for something that can combine a blacklist created by me to blackhole someone connecting if he's found in the blacklist, without having to manually add blackhole routes or ipfw rules as these requests turn up - I'm only on duty 18 hours a day after all ;>

Anyone done something like this before? It's sort of a back-asswards combination of existing scenarios, but it seems possible ...

thanks,
Klaus
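As an added illustration of the automation Klaus describes (example code, not from the thread or any FreeBSD tool): a script that matches FTP connection attempts against a hosts.deny-style blacklist, including CIDR netblocks, and emits a per-host blackhole route only for the individual IPs that actually show up. It assumes the FreeBSD `route add -host <ip> 127.0.0.1 -blackhole` command form and uses a constructed blacklist and constructed ftpd log lines.

```python
import ipaddress
import re

# Constructed sample blacklist in hosts.deny style: whole netblocks and single hosts.
BLACKLIST = """
ftpd : 192.0.2.0/24
ftpd : 198.51.100.7
ftpd : 203.0.113.0/25
"""

# Constructed sample ftpd log lines (syslog style); only the client IP is used.
FTP_LOG = """
Jun 24 19:40:01 host ftpd[1234]: connection from 192.0.2.44
Jun 24 19:40:05 host ftpd[1235]: connection from 10.1.2.3
Jun 24 19:41:12 host ftpd[1236]: connection from 198.51.100.7
Jun 24 19:42:30 host ftpd[1237]: connection from 203.0.113.200
Jun 24 19:43:00 host ftpd[1238]: connection from 192.0.2.44
"""

IP_RE = re.compile(r"connection from (\d+\.\d+\.\d+\.\d+)")

def load_blacklist(text):
    """Parse 'daemon : client' lines into networks (a bare host becomes a /32)."""
    nets = []
    for line in text.splitlines():
        if ":" not in line or line.lstrip().startswith("#"):
            continue  # skip blank and comment lines
        client = line.split(":")[1].strip()
        nets.append(ipaddress.ip_network(client, strict=False))
    return nets

def offenders(log_text, nets):
    """Distinct connecting hosts that fall inside any blacklisted block, in log order."""
    seen = []
    for line in log_text.splitlines():
        m = IP_RE.search(line)
        if not m:
            continue
        ip = ipaddress.ip_address(m.group(1))
        if ip not in seen and any(ip in net for net in nets):
            seen.append(ip)
    return seen

def blackhole_cmds(ips):
    """One per-host blackhole route per offender (assumed FreeBSD route(8) form), never a whole netblock."""
    return [["/sbin/route", "add", "-host", str(ip), "127.0.0.1", "-blackhole"] for ip in ips]

if __name__ == "__main__":
    for cmd in blackhole_cmds(offenders(FTP_LOG, load_blacklist(BLACKLIST))):
        print(" ".join(cmd))  # on the real host, run it with subprocess.run(cmd, check=True)
```

Note that 203.0.113.200 is outside the /25 block and 10.1.2.3 is not listed at all, so neither gets a route; the repeated 192.0.2.44 is blackholed once.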