nanog mailing list archives
RE: Auto ACL blocker
From: "George Bonser" <gbonser () seven com>
Date: Tue, 18 Jan 2011 13:21:46 -0800
From: Brian R. Watters Sent: Tuesday, January 18, 2011 1:14 PM To: Dorn Hetzel Cc: nanog () nanog org Subject: Re: Auto ACL blocker Agreed, time to live in the ACL is critical as well .. this is primary to be used to stop sweeps and penetration testing .. We have SNORT deployed now but the process is still manual on the back end and of course does not respond in the time required.
I suppose you could use tcp wrappers to be creative and launch netcat to "bend" the connection right back to the originator so they spend all their time hacking themselves.
Current thread:
- RE: Auto ACL blocker, (continued)
- RE: Auto ACL blocker Thomas Magill (Jan 18)
- RE: Auto ACL blocker Ronald Bonica (Jan 18)
- Re: Auto ACL blocker Brian R. Watters (Jan 18)
- Re: Auto ACL blocker Joe Blanchard (Jan 18)
- Re: Auto ACL blocker Brian R. Watters (Jan 18)
- RE: Auto ACL blocker Thomas Magill (Jan 18)
- Re: Auto ACL blocker ML (Jan 18)
- RE: Auto ACL blocker Thomas Magill (Jan 18)
- RE: Auto ACL blocker Thomas Magill (Jan 18)
- Re: Auto ACL blocker ML (Jan 18)
- Re: Auto ACL blocker Brian R. Watters (Jan 18)
- RE: Auto ACL blocker George Bonser (Jan 18)