Re: [SLUG] Blacklisting bad guys.

From: Eben King (eben01@verizon.net)
Date: Fri Feb 02 2007 - 15:07:05 EST


On Fri, 2 Feb 2007, Chris Mathey wrote:

> Eben King wrote:
>> On Fri, 2 Feb 2007, Todd Patton wrote:
>>
>>> I run a vsftp server for several users and clients of my work and I keep
>>> getting hits for account "administrator" password <guess>. These usually
>>> happen all night long from Asia Pacific networks, until I get to work in
>>> the morning and add the ip-address to the firewall black list. This just
>>> annoys the hell out of me. Is there a way to automatically add an ip
>>> address to the host.deny file when someone tries to log into ftp using
>>> "administrator" as a user name? Any suggestions on automatically
>>> blacklisting these obvious scripts?
>>
>> Black-hole the entire */8 unless you have prior valid logons from there?
>>
> How about all of Asia-Pac ? ;p

[list]

Or, if you can do netmasks with widths other than multiples of 8,

  56.0.0.0/6
112.0.0.0/5
124.0.0.0/7
126.0.0.0/8
169.208.0.0/12
202.0.0.0/7
210.0.0.0/7
218.0.0.0/7
220.0.0.0/7

-- 
-eben    QebWenE01R@vTerYizUonI.nOetP    royalty.no-ip.org:81
TAURUS:  You will never find true happiness - what you gonna
do, cry about it?  The stars predict tomorrow you'll wake up,
do a bunch of stuff and then go back to sleep.  -- Weird Al
-----------------------------------------------------------------------
This list is provided as an unmoderated internet service by Networked
Knowledge Systems (NKS).  Views and opinions expressed in messages
posted are those of the author and do not necessarily reflect the
official policy or position of NKS or any of its employees.



This archive was generated by hypermail 2.1.3 : Fri Aug 01 2014 - 15:11:45 EDT