Am 08.06.2014 17:18, schrieb Joe Laffey: > On Sun, 8 Jun 2014, Kai Krakow wrote: > >> Noel Jones <njo...@megan.vbhcs.org> schrieb: >> >> But I want to (automatically) block the suspicious networks and not first >> block all then whitelist the known-good. > > Not sure I completely understand the issue, but is this something where you > could use fail2ban to monitor your logs > in real time and autoban via iptables any ip that had failed logins? You > could whitelist your own ip range so they > never get bannned regardless.
the idea of using a RBL is that you can setup your own honeypot like i did last weekend, feed your own RBL and most likely get only real bad bots and *before* they ever touch your machine our honeypot ist using free public IP's and listens on every common port writing every connecting IP into a RBL within a week 40000 client IP's and 15%-20% don't expire after the configured 7 days because they come alaways back you can assume no customer ever will touch the honeypot
