Support,
Is there anyway I can pick up the blacklist off the ASL protected server?
Brief topography. Incoming is direct into a Microtik CCR1016-12G. Then through its firewall/mangle I'm forwarding incoming connections on allowed ports into the ASL server, that then netmap out. Its also doing the LAN / WAN masquerade over ipv4.
As the CCR1016 is a 64 bit linux device id like to import the IPs into its blacklist. Its already running a tarpit to capture ports 135, 137 to 139 on repetitive connection attempts.
Is there an easy way to dump the blacklisted IPs over SSH or share them?
I'm not concerned with getting off notifications.. Simply as an IP is blacklisted, shunned, Id like it added, as when its added to the CCR1016 you set the timeout period in the blacklist.
A good feature for ASL would be to notify IP additions over syslog or SNMP, that's easily monitored.
Thanks!
Sharing ASL blacklist or new banned / shunned across network
- mikeshinn
- Atomicorp Staff - Site Admin
- Posts: 4149
- Joined: Thu Feb 07, 2008 7:49 pm
- Location: Chantilly, VA
Re: Sharing ASL blacklist or new banned / shunned across net
Yep, they are stored in this file:
/etc/asl/blacklist
/etc/asl/blacklist
Michael Shinn
Atomicorp - Security For Everyone
Atomicorp - Security For Everyone