There are people out there who are better and faster programmers than I
am. I need a simple utility written. We can post it on the SA Wiki when
we're done.
I don't care what it's written in but I'm thinking that xinetd might be
easiest. What I want is something to record the IP address of any host
connecting to port 25. Then I'm going to need it to run a one line script
file that runs netcat (nc) and sends me data. Basically I just need the
IP address. I have a collector program listening that feeds the
blacklist system. The collector is:
echo "$*" | nc -w 2 <host> <port>
exit 0
The idea of this project is to collect hits on port 25 of computers that
shouldn't be hit on port 25. These hits would be 100% spambots and
hackers. They hit it - they get listed.
I'll share my collector code, which is a one line script.
socat -u TCP4-LISTEN:<port>,reuseaddr,fork OPEN:/logfile &
The pair of these programs can be used to collect any kind of database
on trouble makers hitting ports that shouldn't be hit. This could be used
for ssh attempts - anything. These programs feed IP collection systems
and then some task manages the list, rotates it, and generates DNS
blacklists.
I'm thinking such a system might be really useful.
Who likes this idea?
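
One way to build the requested port-25 listener, added here as an example and not code from the original post: it records each connecting peer's IP and forwards it to the collector the same way the `echo | nc -w 2` script does. The collector address, the never-list allowlist and the one-hour dedupe window are assumptions, as are all function and class names.

```python
import ipaddress
import socket
import socketserver
import threading
import time

COLLECTOR = ("127.0.0.1", 2525)  # assumed placeholder for <host> <port>
NEVER_LIST = [ipaddress.ip_network("127.0.0.0/8")]  # assumed: add your own hosts
DEDUPE_SECONDS = 3600  # assumed: report each IP at most once an hour
_last_sent, _lock = {}, threading.Lock()

def should_report(ip, now=None, never_list=None):
    """True if ip is outside the allowlist and was not reported recently."""
    now = time.time() if now is None else now
    nets = NEVER_LIST if never_list is None else never_list
    addr = ipaddress.ip_address(ip)
    if any(addr in net for net in nets):
        return False
    with _lock:
        if now - _last_sent.get(ip, float("-inf")) < DEDUPE_SECONDS:
            return False
        _last_sent[ip] = now
    return True

def send_to_collector(ip, collector=None):
    """Same job as: echo "$ip" | nc -w 2 <host> <port>"""
    try:
        with socket.create_connection(collector or COLLECTOR, timeout=2) as s:
            s.sendall(ip.encode("ascii") + b"\n")
        return True
    except OSError:
        return False  # collector unreachable: drop the hit, keep the trap up

class TrapHandler(socketserver.BaseRequestHandler):
    def handle(self):
        ip = self.client_address[0]
        # Never read from or answer the peer; the connection itself is the signal.
        if should_report(ip):
            send_to_collector(ip)

class TrapServer(socketserver.ThreadingTCPServer):
    allow_reuse_address = True
    daemon_threads = True

if __name__ == "__main__":
    # Binding port 25 needs root or CAP_NET_BIND_SERVICE.
    with TrapServer(("0.0.0.0", 25), TrapHandler) as srv:
        srv.serve_forever()
```

The allowlist matters because anything that touches the port gets listed, including your own monitoring or port scans from inside the network.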