From mboxrd@z Thu Jan 1 00:00:00 1970
Received: from lists.gentoo.org ([140.105.134.102] helo=robin.gentoo.org)
    by nuthatch.gentoo.org with esmtp (Exim 4.50) id 1ENCVe-0002pU-In
    for garchives@archives.gentoo.org; Wed, 05 Oct 2005 16:52:50 +0000
Received: from robin.gentoo.org (localhost [127.0.0.1])
    by robin.gentoo.org (8.13.5/8.13.5) with SMTP id j95Gfo2l017809;
    Wed, 5 Oct 2005 16:41:50 GMT
Received: from easycgi.com (mail.easycgi.com [66.245.177.160])
    by robin.gentoo.org (8.13.5/8.13.5) with ESMTP id j95Gbpau015668
    for ; Wed, 5 Oct 2005 16:37:51 GMT
Received: from [68.89.14.73] (HELO grandpa)
    by easycgi.com (CommuniGate Pro SMTP 4.2.3) with ESMTP id 28269815
    for gentoo-security@lists.gentoo.org; Wed, 05 Oct 2005 12:46:42 -0400
From: Robert Larson
Organization: SixThings Inc.
To: gentoo-security@lists.gentoo.org
Subject: Re: [gentoo-security] [OT?] automatically firewalling off IPs
Date: Wed, 5 Oct 2005 11:46:17 -0500
User-Agent: KMail/1.8.1
References: <43404CB8.3@lunatic.net.nz> <200510040815.41603.smurphy@solsys.org>
In-Reply-To:
Precedence: bulk
List-Post:
List-Help:
List-Unsubscribe:
List-Subscribe:
List-Id: Gentoo Linux mail
X-BeenThere: gentoo-security@gentoo.org
Reply-to: gentoo-security@lists.gentoo.org
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-6"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Message-Id: <200510051146.17796.robert@sixthings.com>
X-Archives-Salt: e55dfa9f-b017-456e-9823-d4ccde8837df
X-Archives-Hash: d1b182afbc7ae8418519d9c25fcf9bcc

On Tuesday 04 October 2005 03:55 am, Dave Strydom wrote:
> You know what would be seriously awesome, is if they have a type of RBL
> listing for this kind of thing, and you could just link your iptables up to
> the rbl listings.
...
> I could then submit the IP address to a RBL listing site, and then all
> people who plugin to the rbl listing could update their firewalls with the
> latest listing.

This may not be the best solution pertaining to this particular thread, but
the following site may be of use for this kind of a thing. I would recommend
anyone managing a firewall to at least check it out, as it is a great
resource:

http://www.dshield.org/

If you wanted to perhaps ban the most popular (not to mention annoying)
script kiddies (or ban and not log), you could write some form of a script
that could just grab and parse one of these feeds:

http://www.dshield.org/feeds_doc.php

Then add some rules to your firewall, using whatever means necessary.

HTH,
Robert
-- 
gentoo-security@gentoo.org mailing list
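
The feed-to-firewall script suggested in the message above, sketched as an added example that is not part of the original post or of any DShield tooling. The tab-separated layout (start, end, prefix length), the chain name `FEED_BLOCK`, the allowlist and the limits are all assumptions; the point shown is that a third-party block list is untrusted input and gets validated before it becomes firewall rules.

```python
import ipaddress

# Constructed sample in the assumed layout: '#' comments, a header row, then
# tab-separated start, end, prefix length. Not real feed data.
SAMPLE_FEED = (
    "# constructed sample\n"
    "Start\tEnd\tNetmask\n"
    "198.51.100.0\t198.51.100.255\t24\n"
    "203.0.113.0\t203.0.113.255\t24\n"
    "198.51.100.0\t198.51.100.255\t24\n"     # duplicate entry
    "10.1.2.0\t10.1.2.255\t24\n"             # overlaps the allowlist
    "0.0.0.0\t255.255.255.255\t0\n"          # far too broad
    "192.0.2.0; reboot\t192.0.2.255\t24\n"   # hostile or corrupt field
)
NEVER_BLOCK = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "127.0.0.0/8")]
MIN_PREFIX = 16       # assumed policy: refuse anything broader than a /16
MAX_ENTRIES = 1000    # assumed cap on rules created from one pull
CHAIN = "FEED_BLOCK"  # hypothetical chain name


def parse_feed(text):
    """Return (sorted unique networks to block, [(line, reason)] rejected)."""
    accepted, rejected = set(), []
    for line in text.splitlines():
        fields = line.split("\t")
        if not line.strip() or line.startswith("#") or fields[0] == "Start":
            continue
        try:
            net = ipaddress.IPv4Network(f"{fields[0]}/{int(fields[2])}")
        except (ValueError, IndexError):
            rejected.append((line, "unparseable"))
            continue
        if net.prefixlen < MIN_PREFIX:
            rejected.append((line, "too broad"))
        elif any(net.overlaps(own) for own in NEVER_BLOCK):
            rejected.append((line, "allowlisted"))
        elif len(accepted) < MAX_ENTRIES:
            accepted.add(net)
    return sorted(accepted), rejected


def render_rules(networks):
    """Emit iptables-restore input built only from validated network objects."""
    rules = [f"-A {CHAIN} -s {net} -j DROP" for net in networks]
    return "\n".join(["*filter", f":{CHAIN} - [0:0]", *rules, "COMMIT"]) + "\n"


if __name__ == "__main__":
    nets, bad = parse_feed(SAMPLE_FEED)
    print(render_rules(nets), end="")
    for line, reason in bad:
        print(f"# skipped ({reason}): {line!r}")
```

The rendered text is in the format `iptables-restore` reads. The rejected list is worth logging, since a feed that suddenly contains your own ranges or a /0 is itself a signal.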