Sharing ASL blacklist or new banned / shunned across network

Customer support forums for Atomic Protector (formerly Atomic Secured Linux). There is no such thing as a bad question here as long as it pertains to using Atomic Protector. Newbies feel free to get help getting started or asking questions that may be obvious. Regular users are asked to be gentle. :-)
Post Reply
aus-city
Forum Regular
Forum Regular
Posts: 685
Joined: Thu Oct 26, 2006 11:56 pm

Sharing ASL blacklist or new banned / shunned across network

Unread post by aus-city »

Support,

Is there anyway I can pick up the blacklist off the ASL protected server?

Brief topography. Incoming is direct into a Microtik CCR1016-12G. Then through its firewall/mangle I'm forwarding incoming connections on allowed ports into the ASL server, that then netmap out. Its also doing the LAN / WAN masquerade over ipv4.

As the CCR1016 is a 64 bit linux device id like to import the IPs into its blacklist. Its already running a tarpit to capture ports 135, 137 to 139 on repetitive connection attempts.

Is there an easy way to dump the blacklisted IPs over SSH or share them?

I'm not concerned with getting off notifications.. Simply as an IP is blacklisted, shunned, Id like it added, as when its added to the CCR1016 you set the timeout period in the blacklist.

A good feature for ASL would be to notify IP additions over syslog or SNMP, that's easily monitored.


Thanks!
Top
User avatar
mikeshinn
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin
Posts: 4149
Joined: Thu Feb 07, 2008 7:49 pm
Location: Chantilly, VA

Re: Sharing ASL blacklist or new banned / shunned across net

Unread post by mikeshinn »

Yep, they are stored in this file:

/etc/asl/blacklist
Top
aus-city
Forum Regular
Forum Regular
Posts: 685
Joined: Thu Oct 26, 2006 11:56 pm

Re: Sharing ASL blacklist or new banned / shunned across net

Unread post by aus-city »

Thanks ;)
Top
Post Reply

Return to “Atomic Protector (formerly ASL)”