Sharing ASL blacklist or new banned / shunned across network
Posted: Mon Aug 24, 2015 11:47 am
Support,
Is there anyway I can pick up the blacklist off the ASL protected server?
Brief topography. Incoming is direct into a Microtik CCR1016-12G. Then through its firewall/mangle I'm forwarding incoming connections on allowed ports into the ASL server, that then netmap out. Its also doing the LAN / WAN masquerade over ipv4.
As the CCR1016 is a 64 bit linux device id like to import the IPs into its blacklist. Its already running a tarpit to capture ports 135, 137 to 139 on repetitive connection attempts.
Is there an easy way to dump the blacklisted IPs over SSH or share them?
I'm not concerned with getting off notifications.. Simply as an IP is blacklisted, shunned, Id like it added, as when its added to the CCR1016 you set the timeout period in the blacklist.
A good feature for ASL would be to notify IP additions over syslog or SNMP, that's easily monitored.
Thanks!
Is there anyway I can pick up the blacklist off the ASL protected server?
Brief topography. Incoming is direct into a Microtik CCR1016-12G. Then through its firewall/mangle I'm forwarding incoming connections on allowed ports into the ASL server, that then netmap out. Its also doing the LAN / WAN masquerade over ipv4.
As the CCR1016 is a 64 bit linux device id like to import the IPs into its blacklist. Its already running a tarpit to capture ports 135, 137 to 139 on repetitive connection attempts.
Is there an easy way to dump the blacklisted IPs over SSH or share them?
I'm not concerned with getting off notifications.. Simply as an IP is blacklisted, shunned, Id like it added, as when its added to the CCR1016 you set the timeout period in the blacklist.
A good feature for ASL would be to notify IP additions over syslog or SNMP, that's easily monitored.
Thanks!
