[c-nsp] Log analyzer/ACL advice

John van Oppen john at vanoppen.com
Fri Jan 5 12:09:43 EST 2007


Not really Cisco related, but this is called a "darknet." Team Cymru
has a nice write-up on it at http://www.cymru.com/Darknet/

John :)

-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Jason Lewis
Sent: Friday, January 05, 2007 8:25 AM
To: Drew Weaver
Cc: cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] Log analyzer/ACL advice

I wrote an ACL summarizer that you could probably modify for your task.

http://packetnexus.com/aclsumm.txt

jas

Drew Weaver wrote:
>     I'd like to set up honeypots within my network which have no useful
> services whatsoever running on them for the purpose of detecting and
> ultimately preventing any network access to various types of security
> bots (SSH scanners, brute force pw types). Has anyone ever found a
> package or a simple script for Linux that will look in the /messages log
> (or any other log) and advise ACL/Null routes based on observed attacks?
>  
> thanks,
> -Drew
>  
>  
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
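
An added example, not part of the original thread and not the aclsumm script linked above: a minimal version of the kind of script Drew asks about, counting failed SSH logins per source address in syslog text and rendering IOS-style ACL and null-route suggestions for an operator to review. The log lines, the threshold, ACL number 101 and the allowlisted network are assumptions made for illustration.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in OpenSSH syslog format (RFC 5737 documentation addresses).
SAMPLE_LOG = """\
Jan  5 08:01:10 honeypot sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 40112 ssh2
Jan  5 08:01:12 honeypot sshd[2101]: Failed password for invalid user test from 203.0.113.7 port 40113 ssh2
Jan  5 08:01:15 honeypot sshd[2104]: Failed password for root from 203.0.113.7 port 40120 ssh2
Jan  5 08:02:00 honeypot sshd[2110]: Failed password for root from 198.51.100.23 port 51000 ssh2
Jan  5 08:02:30 honeypot sshd[2112]: Failed password for invalid user a from 198.51.100.23 port 22 ssh2 from 203.0.113.7 port 40131 ssh2
Jan  5 08:03:30 honeypot sshd[2115]: Accepted password for ops from 192.0.2.10 port 52000 ssh2
Jan  5 08:04:00 honeypot sshd[2120]: Failed password for root from 192.0.2.10 port 52001 ssh2
Jan  5 08:04:02 honeypot sshd[2120]: Failed password for root from 192.0.2.10 port 52002 ssh2
Jan  5 08:04:05 honeypot sshd[2120]: Failed password for root from 192.0.2.10 port 52003 ssh2
"""

# The username field is untrusted input, so anchor on the end of the line: the
# greedy ".*" absorbs any "from <ip>" text inside the username and only the
# final, sshd-written source address is captured.
FAILED = re.compile(r"sshd\[\d+\]: Failed password for .* from (\S+) port \d+ ssh2$")

def offenders(log_text, threshold=3, allow=("192.0.2.0/24",)):
    """Return IPv4 sources with >= threshold failures, skipping allowlisted nets."""
    nets = [ipaddress.ip_network(n) for n in allow]
    hits = Counter()
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # not an IP literal: skip rather than guess
        if ip.version == 4 and not any(ip in n for n in nets):
            hits[ip] += 1
    return sorted(ip for ip, n in hits.items() if n >= threshold)

def advise(ips, acl=101):
    """Render IOS-style suggestions for review; nothing is pushed to a router."""
    lines = [f"access-list {acl} deny ip host {ip} any" for ip in ips]
    lines += [f"ip route {ip} 255.255.255.255 Null0" for ip in ips]
    return lines

if __name__ == "__main__":
    print("\n".join(advise(offenders(SAMPLE_LOG))))
```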