store | blogs | forums | twitter | facebook | wiki | mailing lists | downloads | support portal
Atomic Secure Linux
It is currently Sat Apr 19, 2014 2:15 am

» Feed - Atomicorp

All times are UTC - 5 hours [ DST ]




Post new topic Reply to topic  [ 8 posts ] 
Author Message
 Post subject: Bad Bot Blacklist
Unread postPosted: Tue Jan 18, 2011 9:18 pm 
Offline
Forum Regular
Forum Regular

Joined: Wed Aug 04, 2010 2:52 pm
Posts: 257
To me a fantastic feature would be a naughty bot IP range firewall list that can be turned on and off. The mod_sec rules pick up some of these bots, but when an IP range is known, they might as well be firewalled off. And picscout should be part of the blacklist.


Top
 Profile  
 
 Post subject: Re: Bad Bot Blacklist
Unread postPosted: Wed Jan 19, 2011 3:54 pm 
Offline
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin
User avatar

Joined: Thu Feb 07, 2008 7:49 pm
Posts: 3548
Location: Chantilly, VA
Cool idea. Please let me know if this jives with that you are thinking, how about a set of RBLs for different things such as "Known Attackers (1 day, 7 day, 30 days)", "Known spammers", "Bad bots", etc.

The 1/7/30, etc. is an idea we are toying with to age out sources, we may or may not stick with that model as we have other methods of aging out sources, but we like the idea of providing some context in case you want to do this kind of calculus yourself.

_________________
Michael Shinn
Atomicorp - Security For Everyone

Co-Author of Troubleshooting Linux Firewalls.


Top
 Profile  
 
 Post subject: Re: Bad Bot Blacklist
Unread postPosted: Wed Jan 19, 2011 4:41 pm 
Offline
Forum Regular
Forum Regular

Joined: Wed Aug 04, 2010 2:52 pm
Posts: 257
Hi Mike,

Yeah, I like it. The aging solution is elegant too. If one could configure his machine to use the most valuable blacklists to him, that would be perfect.

If everyone's ASL reported the bad bots, malware injection attempts, etc. back to ASL to help build the blacklists, that would be even cooler. Either automagically or by human button press.


Top
 Profile  
 
 Post subject: Re: Bad Bot Blacklist
Unread postPosted: Wed Jan 19, 2011 7:46 pm 
Offline
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin
User avatar

Joined: Thu Feb 07, 2008 7:49 pm
Posts: 3548
Location: Chantilly, VA
We're going to make the entire RBL system user configurable too, so you can add/remove rbls you define as well.

_________________
Michael Shinn
Atomicorp - Security For Everyone

Co-Author of Troubleshooting Linux Firewalls.


Top
 Profile  
 
 Post subject: Re: Bad Bot Blacklist
Unread postPosted: Wed Jan 19, 2011 8:24 pm 
Offline
Forum Regular
Forum Regular

Joined: Wed Aug 04, 2010 2:52 pm
Posts: 257
Cool! Just so I know when to look for it, what sort of ETA do you expect?


Top
 Profile  
 
 Post subject: Re: Bad Bot Blacklist
Unread postPosted: Thu Jan 20, 2011 8:55 pm 
Offline
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin
User avatar

Joined: Thu Feb 07, 2008 7:49 pm
Posts: 3548
Location: Chantilly, VA
Its mostly a GUI enhancement, so we're planning on adding it on 3.0 which is planned for beta release the end of this quarter. Its in alpha now, and you can install the 2.9 builds which are in the testing channel - however the RBL feature described above hasnt been added yet.

_________________
Michael Shinn
Atomicorp - Security For Everyone

Co-Author of Troubleshooting Linux Firewalls.


Top
 Profile  
 
 Post subject: Re: Bad Bot Blacklist
Unread postPosted: Thu Apr 21, 2011 7:02 pm 
Offline
Forum Regular
Forum Regular

Joined: Mon Oct 29, 2007 6:51 pm
Posts: 635
are you looking at a global community contributed list where when an attacker or bad bot hits one server it updates an upstream list somewhere and its either push/pull to the other boxes so they all get protected automatically - or are you thinking of only a responsive system that auto adds to a single host when its detected?


Top
 Profile  
 
 Post subject: Re: Bad Bot Blacklist
Unread postPosted: Thu Apr 21, 2011 9:54 pm 
Offline
Forum Regular
Forum Regular

Joined: Wed Aug 04, 2010 2:52 pm
Posts: 257
I'm thinking the 1st one!


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 8 posts ] 

» Feed - Atomicorp

All times are UTC - 5 hours [ DST ]


Who is online

Users browsing this forum: No registered users and 0 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group