Is it possible to shun an IP by a shell command?
From time to time I have massive distributed FTP login attempts. I've found out that I can create my own login script with PureFTP. Most of the I can easily identify as attacks.
It would be cool if I can shun them right away from the login script. But if I call the shun script these IPs never get removed.
Last time I had these login attempts I blocked them with ASL, but ASL does not support that any more.
Active Response/shun per shell command?
Re: Active Response/shun per shell command?
Perhaps file them as a request for a HIDS rule so it works correctly and other ASL users can benefit as well?
Lemonbit Internet Dedicated Server Management
- mikeshinn
- Atomicorp Staff - Site Admin
- Posts: 4149
- Joined: Thu Feb 07, 2008 7:49 pm
- Location: Chantilly, VA
Re: Active Response/shun per shell command?
Thank you for the question, no you cant shun at this time, only blacklist. But if you'd send us the events in question we'd be happy to add in rules to take care of these events for you. And/Or if you prefer to just be able to shun from the command line, please open a feature request or send us an email with how you'd like that feature to work.
Michael Shinn
Atomicorp - Security For Everyone
Atomicorp - Security For Everyone