[unisog] automated IP blacklist tools?

BACHAND, Dave (Info. Tech. Services) BachandD at easternct.edu
Mon Nov 22 19:55:16 GMT 2004

One thought comes to mind-  Set your domains up with a policy to reject
anonymous calls (reject anonymous=2), and consider implementing 802.1x
protocol locally on your switches.  This way only systems that you
control (and force the use of logs) can access this type of data.


-----Original Message-----
From: unisog-bounces at lists.sans.org
[mailto:unisog-bounces at lists.sans.org] On Behalf Of Albert Lunde
Sent: Monday, November 22, 2004 1:53 PM
To: unisog at lists.sans.org
Subject: [unisog] automated IP blacklist tools?

We'd like to do something to prevent or rate-limit directory harvesting
and/or password guessing attacks against various network services,
our LDAP servers, and our white-pages CGI.

If I was implementing throttling of a single locally-written CGI, I'd
probably use a daemon on the same host to record requests and failures
on a
per-IP basis and decide what to deny.

However, looking at this in the bigger picture across multiple servers,
seems like this would have similar requirements to parts of various
anti-spam or intrusion-detection systems.

So I'm wondering if people can suggest existing software or products
could be adapted to this purpose?

     Albert Lunde  Albert-Lunde at northwestern.edu
                   atlunde at panix.com  (new address for personal mail)
                   Albert-Lunde at nwu.edu (old address)

unisog mailing list
unisog at lists.sans.org

More information about the unisog mailing list