RBL for script kiddies

crackp0t

Jun 24, 2009
I'm thinking about making an RBL for system attacks. I know some stuff exists for this. However, all of the stuff I can find doesn't have a good distributed model. If I block it on one system my other system doesn't get the update without me making something to update the rule set on all servers. All features would be free, but donations would be welcomed. Like a typical open source project.

It would have the following features.

Automatically ban by IP address after X failures.

Send notifications to the owners of the IP blocks from my servers on your behalf.

Share blacklists between nodes. Meaning if IP 1.1.1.1 is attacking my server, it would automatically be added to your server as well. If you don't want it automatically added there would be an option to download the list and import it yourself. It would also show the node that added it. The name of the node that added it would be a UUID so the actual host that added it couldn't be identified. You would only know your own. You could also select which nodes you wanted to accept updates from. For example I have 10 servers all running the scripts. I want to accept updates from only my servers. I'd whitelist my UUIDs and set everything else to deny.

The downloadable formats would be XML or CSV.

The blocking could be done by either iptables or hosts.deny.

Email notifications when hosts are added.
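The node-side pieces the first post lists (count failures per IP, ban after X, export the list tagged with this node's UUID, import a peer list while only accepting whitelisted UUIDs, and render either iptables or hosts.deny entries) fit in one small script. The following is an added example written for this thread, not code from the original poster or from any existing project. It assumes OpenSSH's "Failed password ... from ..." log format; the log lines, node UUIDs and peer CSV below are constructed sample data, and the function names are hypothetical. It also does one thing the post does not mention but a shared list needs: a peer's list is untrusted input, so each row is validated (single addresses only, no CIDR ranges) and checked against a never-ban list so a bad or compromised node cannot get you to block your own management network.

```python
import csv
import io
import ipaddress
import re
from collections import Counter

# Constructed sample sshd log lines (TEST-NET addresses, not real hosts).
SAMPLE_AUTH_LOG = """\
Jun 24 10:00:01 vps1 sshd[1234]: Failed password for root from 203.0.113.5 port 51234 ssh2
Jun 24 10:00:03 vps1 sshd[1234]: Failed password for root from 203.0.113.5 port 51235 ssh2
Jun 24 10:00:05 vps1 sshd[1235]: Failed password for invalid user admin from 203.0.113.5 port 51236 ssh2
Jun 24 10:00:07 vps1 sshd[1236]: Failed password for invalid user test from 198.51.100.7 port 40000 ssh2
Jun 24 10:00:09 vps1 sshd[1237]: Accepted publickey for deploy from 192.0.2.9 port 40001 ssh2
"""

# Matches OpenSSH password failures, with or without the "invalid user" prefix.
FAILED_RE = re.compile(r"Failed password for (?:invalid user )?\S+ from (\S+) port \d+")

# Constructed node identities; a real node would generate its UUID once and persist it.
THIS_NODE = "1b4e28ba-2fa1-11d2-883f-0016d3cca427"
PEER_NODE = "6fa459ea-ee8a-3ca4-894e-db77e160355e"
UNKNOWN_NODE = "9d3b0c4a-0000-4000-8000-000000000001"

# Ranges this node will never block, whatever a peer says (own LAN, loopback).
DEFAULT_NEVER_BAN = ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")

# Constructed list as a peer might publish it: one good entry, one private address,
# one CIDR range (invalid, must be dropped) and one row from a node we do not trust.
SAMPLE_PEER_CSV = f"""\
ip,node
203.0.113.5,{THIS_NODE}
198.51.100.250,{PEER_NODE}
192.168.1.20,{PEER_NODE}
198.51.100.0/24,{PEER_NODE}
203.0.113.77,{UNKNOWN_NODE}
"""


def count_failures(log_text):
    """Count failed password attempts per source IP."""
    counts = Counter()
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            counts[m.group(1)] += 1
    return counts


def ips_to_ban(counts, threshold):
    """Addresses that reached the failure threshold ('ban after X failures')."""
    return sorted(ip for ip, n in counts.items() if n >= threshold)


def export_csv(ips, node_uuid):
    """Render this node's bans as the shareable CSV, tagged with our UUID only."""
    buf = io.StringIO()
    writer = csv.writer(buf)
    writer.writerow(["ip", "node"])
    for ip in ips:
        writer.writerow([ip, node_uuid])
    return buf.getvalue()


def import_csv(csv_text, accepted_nodes, never_ban=DEFAULT_NEVER_BAN):
    """Take a peer list, keep only rows from whitelisted node UUIDs that pass validation."""
    protected = [ipaddress.ip_network(n) for n in never_ban]
    accepted = set()
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row.get("node") not in accepted_nodes:
            continue  # 'deny everything except my UUIDs'
        try:
            addr = ipaddress.ip_address(row["ip"].strip())  # rejects ranges and junk
        except ValueError:
            continue
        if any(addr in net for net in protected):
            continue  # a peer cannot make us block our own networks
        accepted.add(str(addr))
    return sorted(accepted)


def iptables_rules(ips):
    return [f"iptables -I INPUT -s {ip} -j DROP" for ip in ips]


def hosts_deny_lines(ips):
    return [f"sshd: {ip}" for ip in ips]


if __name__ == "__main__":
    local = ips_to_ban(count_failures(SAMPLE_AUTH_LOG), threshold=3)
    print(export_csv(local, THIS_NODE))
    merged = sorted(set(local) | set(import_csv(SAMPLE_PEER_CSV, {THIS_NODE, PEER_NODE})))
    print("\n".join(iptables_rules(merged)))
    print("\n".join(hosts_deny_lines(merged)))
```

Running it bans 203.0.113.5 locally (three failures), accepts 198.51.100.250 from the trusted peer, and silently drops the private address, the CIDR row and the row from the unknown UUID. The same validation should run on any list downloaded for manual import, since that path is the one the post offers to people who do not want automatic updates.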
Yeah I'm sure every sys admin will be dying to plug into that grid and broadcast to the whole hive exactly which ports of theirs are being scanned the most by bots. Why didn't anyone else think of this before?
 
People will be too scared to sign up and plug in to something like that unless it's backed by a big name such as McAfee. Even then, they'd be very hesitant.

Businesses cringe at the thought of giving anyone the slightest indication that there may be a breach or a chance of a breach in security. The govt had to make it a law for banks to inform clients each time info was compromised ffs. Contributing data to a shared system such as this would be unthinkable to most IT shops.

It's not aimed at big businesses so I guess that's okay. It's aimed towards people with dedicated servers / VPS that don't have a full time admin to constantly monitor things. This isn't a business idea or a way to make money. It's a way for me to share the data between all my servers and my friends' servers. I'm providing it as a free service to the community as well. Eventually I'll also be advertising BGP routes for blocking at the network level. I won't be handling that though. Some of my friends that are engineers at Cisco will be.