[Dshield] Here's a good idea

Miles Stevenson miles at mstevenson.org
Mon Apr 12 19:54:53 GMT 2004


On Thursday 01 April 2004 05:05 pm, David Cary Hart wrote:
> Just noticed this on Freshmeat
>
> cmdblock: A tool that scans Apache logs and adds IIS exploiters to an
> iptable ruleset.

You definitely want to be careful using "auto-blockers" like this. It's very
easy to spoof someone's IP and have that person added to the blocklist. If
someone were to write a script that jumps through a loop, sending attack
attempts from different IPs, they might also be able to fill up your
IPTables rule list and cause a firewall crash, slow the firewall down, or
just make life hell.

Just a suggestion.
 
-- 
Miles Stevenson
miles at mstevenson.org
PGP FP: 035F 7D40 44A9 28FA 7453 BDF4 329F 889D 767D 2F63
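
The following is an added example, not part of the original post and not cmdblock's code. It sketches block decisions that stay bounded under the two failure modes described above: an allowlist for addresses that must never be blocked, plus a hit threshold, expiry time and hard cap so the rule list cannot grow without limit. The class name, probe pattern and sample log lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import OrderedDict

# Hypothetical probe signature; cmdblock's real patterns are not shown on the page.
PROBE = re.compile(r'"(?:GET|HEAD) \S*(?:cmd\.exe|default\.ida)', re.I)

class BoundedBlocklist:
    """Auto-block decisions with an allowlist, hit threshold, TTL and size cap."""
    def __init__(self, allow, max_entries=1000, ttl=3600, threshold=3):
        self.allow = [ipaddress.ip_network(n) for n in allow]
        self.max_entries, self.ttl, self.threshold = max_entries, ttl, threshold
        self.hits = OrderedDict()      # ip -> probe count (bounded)
        self.blocked = OrderedDict()   # ip -> expiry time, oldest first

    def observe(self, line, now):
        """Feed one log line; return the IP if it becomes blocked, else None."""
        # Expire old entries first so the rule set shrinks on its own.
        for ip in [i for i, exp in self.blocked.items() if exp <= now]:
            del self.blocked[ip]
        if not PROBE.search(line):
            return None
        ip = line.split(" ", 1)[0]
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            return None                # malformed client field: ignore
        if ip in self.blocked or any(addr in net for net in self.allow):
            return None                # already blocked, or never blockable
        self.hits[ip] = self.hits.pop(ip, 0) + 1
        if len(self.hits) > self.max_entries:
            self.hits.popitem(last=False)      # cap the counter table too
        if self.hits.get(ip, 0) < self.threshold:
            return None
        del self.hits[ip]
        if len(self.blocked) >= self.max_entries:
            self.blocked.popitem(last=False)   # evict oldest, never grow past cap
        self.blocked[ip] = now + self.ttl
        return ip

# Constructed sample input (documentation address ranges), not real traffic.
SAMPLE = [f'{ip} - - [12/Apr/2004:19:50:0{n} +0000] "GET /scripts/cmd.exe HTTP/1.0" 404 290'
          for n, ip in enumerate(["198.51.100.9", "192.0.2.10", "203.0.113.1",
                                  "203.0.113.2", "203.0.113.3"])]

def run_sample():
    bl = BoundedBlocklist(allow=["192.0.2.0/24"], max_entries=2, ttl=60, threshold=1)
    newly = [bl.observe(line, now=t) for t, line in enumerate(SAMPLE)]
    return newly, list(bl.blocked)
```

The caller would turn each returned address into a firewall rule and remove the rule when the entry expires or is evicted.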



