[c-nsp] Log analyzer/ACL advice
John van Oppen
john at vanoppen.com
Fri Jan 5 12:09:43 EST 2007
Not really cisco related, but this is called a "darknet." Team Cymru
has a nice write up on it at http://www.cymru.com/Darknet/
John :)
-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Jason Lewis
Sent: Friday, January 05, 2007 8:25 AM
To: Drew Weaver
Cc: cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] Log analyzer/ACL advice
I wrote an ACL summarizer that you could probably modify for your task.
http://packetnexus.com/aclsumm.txt
jas
Drew Weaver wrote:
> I'd like to setup honeypots within my network which have no useful
> services what-so-ever running on them for the purpose of detecting and
> ultimately preventing any network access to various types of security
> bots (SSH scanners, brute force pw types). Has anyone ever found a
> package or a simple script for linux that will look in the /messages
log
> (or any other log) and advise ACL/Null routes based on observed
attacks?
>
> thanks,
> -Drew
>
>
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
_______________________________________________
cisco-nsp mailing list cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
More information about the cisco-nsp
mailing list