Risto brought up a great idea via email. The shadowserver
and spamhaus
ip block rules are useful, but for places where they're not
blocking
with IDS aren't as useful as they could be.
So... why not make firewall rules out of these IPs. We can
script it up
and let folks pull them as desired. I think it's a great
idea.
I'll do up the scripts to convert if you all would let me
know what
formats are most useful, and what that syntax would be.
I know the usual suspects, PIX, IPF, IPTables, Cisco Null
Routes, etc.
What else do we need, and any experts in any of the above
please let me
know the syntax for a block and log rule would be.
Thanks!
Matt
--
--------------------------------------------
Matthew Jonkman, CISSP
Senior Security Engineer
Infotex
765-429-0398 Direct Anytime
765-448-6847 Office
866-679-5177 24x7 NOC
http://my.infotex.com
http://www.infotex.com
http://www.bleedingsnort
.com
--------------------------------------------
_______________________________________________
Bleeding-sigs mailing list
Bleeding-sigs bleedingsnort.com
http://lists.bleedingsnort.com/mailman/listinfo/ble
eding-sigs
|