Atomicorp

Is it possible to shun an IP by a shell command?

From time to time I have massive distributed FTP login attempts. I've found out that I can create my own login script with PureFTP. Most of the I can easily identify as attacks.

It would be cool if I can shun them right away from the login script. But if I call the shun script these IPs never get removed.

Last time I had these login attempts I blocked them with ASL, but ASL does not support that any more.

Perhaps file them as a request for a HIDS rule so it works correctly and other ASL users can benefit as well?

Thank you for the question, no you cant shun at this time, only blacklist. But if you'd send us the events in question we'd be happy to add in rules to take care of these events for you. And/Or if you prefer to just be able to shun from the command line, please open a feature request or send us an email with how you'd like that feature to work.