[unisog] automated IP blacklist tools?
BACHAND, Dave (Info. Tech. Services)
BachandD at easternct.edu
Mon Nov 22 19:55:16 GMT 2004
One thought comes to mind: set your domains up with a policy to reject
anonymous calls (reject anonymous=2), and consider implementing 802.1x
protocol locally on your switches. This way only systems that you
control (and force the use of logs) can access this type of data.
From: unisog-bounces at lists.sans.org
[mailto:unisog-bounces at lists.sans.org] On Behalf Of Albert Lunde
Sent: Monday, November 22, 2004 1:53 PM
To: unisog at lists.sans.org
Subject: [unisog] automated IP blacklist tools?
We'd like to do something to prevent or rate-limit directory harvesting
and/or password guessing attacks against various network services,
our LDAP servers, and our white-pages CGI.
If I was implementing throttling of a single locally-written CGI, I'd
probably use a daemon on the same host to record requests and failures
on a per-IP basis and decide what to deny.
However, looking at this in the bigger picture across multiple servers,
seems like this would have similar requirements to parts of various
anti-spam or intrusion-detection systems.
So I'm wondering if people can suggest existing software or products
that could be adapted to this purpose?
Albert Lunde Albert-Lunde at northwestern.edu
atlunde at panix.com (new address for personal mail)
Albert-Lunde at nwu.edu (old address)
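
An added example (not part of the original thread) of the per-IP bookkeeping described in the message above: a sliding-window count of requests and failures per client IP with a timed deny. The class and function names, the thresholds and the sample addresses are assumptions made for the example.

```python
from collections import defaultdict, deque

class PerIPThrottle:
    """Sliding-window request/failure counts per client IP, with a timed deny."""
    def __init__(self, window=60, max_requests=30, max_failures=5, deny_for=300):
        self.window, self.deny_for = window, deny_for
        self.max_requests, self.max_failures = max_requests, max_failures
        self.requests = defaultdict(deque)  # ip -> timestamps of all requests
        self.failures = defaultdict(deque)  # ip -> timestamps of failed requests
        self.denied_until = {}              # ip -> time at which the deny expires

    def allowed(self, ip, now):
        """Called before serving a request; False while the IP is denied."""
        if now < self.denied_until.get(ip, now):
            return False
        self.denied_until.pop(ip, None)     # expired deny: forget it
        return True

    def record(self, ip, failed, now):
        """Called after serving a request; returns the deny reason, or None."""
        reqs, fails = self.requests[ip], self.failures[ip]
        reqs.append(now)
        if failed:
            fails.append(now)
        for q in (reqs, fails):             # drop entries older than the window
            while q and q[0] <= now - self.window:
                q.popleft()
        if len(fails) > self.max_failures:
            reason = "failures"             # password-guessing pattern
        elif len(reqs) > self.max_requests:
            reason = "requests"             # directory-harvesting pattern
        else:
            return None
        self.denied_until[ip] = now + self.deny_for
        return reason

def replay(events, throttle):
    """Feed (time, ip, failed) tuples through; return the first deny per IP."""
    denied = {}
    for now, ip, failed in events:
        reason = throttle.allowed(ip, now) and throttle.record(ip, failed, now)
        if reason:
            denied.setdefault(ip, (now, reason))
    return denied

# Constructed sample: one guesser, one harvester, one ordinary user.
SAMPLE = ([(t, "192.0.2.10", True) for t in range(10)]
          + [(t, "198.51.100.7", False) for t in range(40)]
          + [(0, "203.0.113.5", True), (30, "203.0.113.5", False)])
```

Failures are checked before total requests, so a client that trips both limits is reported as a password guesser.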