Date: Mon, 24 Jun 2002 19:49:18 -0400
From: Klaus Steden
To: freebsd-security@FreeBSD.ORG
Subject: Re: automated blackholing
Message-ID: <20020624194918.N589@cthulu.compt.com>
References: <20020624183614.J589@cthulu.compt.com>
In-Reply-To: <20020624183614.J589@cthulu.compt.com>; from klaus@compt.com on Mon, Jun 24, 2002 at 06:36:14PM -0400

Okay, my apologies. I should have clarified what I'm looking to implement ...

Essentially, it's this - I've got a list of clients I deny FTP access to by default (from my /etc/hosts.deny file). I'd sooner just blackhole them, but some are from large netblocks, and I'd rather blackhole individual IPs as they show up. Maybe I'm using the velvet gloves when it's not necessary, but anyway ...

I was discussing this with an acquaintance who uses portsentry, configured to blackhole immediately anyone connecting to a port with no service running on it (i.e. the echo port). My situation is a little different, in that I've got a service actually running (FTP) that people need to connect to legitimately, but I'd like to blackhole illegitimate requests as they appear, rather than using TCP wrappers to disconnect them.

I'm looking for something that can combine a blacklist created by me to blackhole someone connecting if he's found in the blacklist, without having to manually add blackhole routes or ipfw rules as these requests turn up - I'm only on duty 18 hours a day after all ;>

Anyone done something like this before? It's sort of a back-asswards combination of existing scenarios, but it seems possible ...

thanks,
Klaus
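
Added example, not part of the original message or of any FreeBSD tool: a sketch of the mechanism the message asks for, which reads refusal log lines and emits one blackhole route per individual address that falls inside a blacklisted netblock. The log line format, the netblocks, the allowlist and all names below are assumptions constructed for illustration; the commands are returned for review rather than executed.

```python
import ipaddress
import re

# Constructed blacklist of netblocks (assumption: stands in for the deny list).
BLACKLIST = [ipaddress.ip_network(n) for n in
             ("192.0.2.0/24", "198.51.100.0/25", "203.0.113.0/24")]
# Constructed allowlist: addresses that must never be blackholed (e.g. admin hosts).
NEVER_BLOCK = [ipaddress.ip_network("203.0.113.0/28")]

# Assumed log format for a wrapper refusal of the FTP service.
REFUSED_FTP = re.compile(r"refused connection from ([0-9.]+), service ftpd\b")

# Constructed sample log lines.
SAMPLE_LOG = [
    "Jun 24 19:01:02 host inetd[311]: refused connection from 192.0.2.77, service ftpd (tcp)",
    "Jun 24 19:01:09 host inetd[311]: refused connection from 192.0.2.77, service ftpd (tcp)",
    "Jun 24 19:02:40 host inetd[311]: refused connection from 198.51.100.200, service ftpd (tcp)",
    "Jun 24 19:03:11 host inetd[311]: refused connection from 198.51.100.5, service ftpd (tcp)",
    "Jun 24 19:03:30 host inetd[311]: refused connection from 999.1.1.1, service ftpd (tcp)",
    "Jun 24 19:04:02 host inetd[311]: refused connection from 203.0.113.5, service ftpd (tcp)",
    "Jun 24 19:05:00 host inetd[311]: refused connection from 192.0.2.9, service telnetd (tcp)",
]


def blackhole_commands(log_lines, already_blocked=()):
    """Return FreeBSD route(8) blackhole commands for blacklisted FTP clients."""
    seen = {ipaddress.ip_address(a) for a in already_blocked}
    commands = []
    for line in log_lines:
        match = REFUSED_FTP.search(line)
        if not match:
            continue  # other services and unrelated lines are ignored
        try:
            ip = ipaddress.ip_address(match.group(1))
        except ValueError:
            continue  # malformed address: raw log text never reaches a command
        if ip in seen or any(ip in net for net in NEVER_BLOCK):
            continue  # already handled, or protected by the allowlist
        if any(ip in net for net in BLACKLIST):
            seen.add(ip)
            # The address is re-rendered from the parsed object, not copied from the log.
            commands.append(f"route add -host {ip} 127.0.0.1 -blackhole")
    return commands


if __name__ == "__main__":
    print("\n".join(blackhole_commands(SAMPLE_LOG)))
```

Passing the addresses that already have routes as `already_blocked` keeps repeated runs over the same log from emitting duplicates.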