Alexis Lee wrote:
On Tue, Aug 27, 2002 at 06:58:57PM +0100, Raphael Mankin wrote:
How? 'sort -u' or 'grep -v' to detect duplicates will prevent the IP list growing too big.
You neglected to suggest the IPs be validated. If you allow random text to be written to your disk, you're gagging for a DoS.
I would also put in some kind of aging mechanism to remove them from the blocked list; if not, you could have some fun in the future...
Personally I wouldn't specifically block any hosts, ever. You never know when you are going to give yourself false positives or somebody is going to stick a load of spoofed IP addresses into your firewall, causing you much misery and grief. If you are well protected in the first place then you should never have a problem. I don't see how you are improving security at all by doing this. Basically you should trust nothing in the first place and make sure you are keeping your firewall tight in its default state and making sure you have all patches, updates, etc. You will always find that the people scanning you will have many hosts at their disposal and it will always be that one attack that succeeds that is not in your explicitly banned list.
Adam
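
The checks raised in this thread (validate each address before it is stored, drop duplicates, age out old entries), as an added example that is not code from any of the posters. The size cap, the ageing window, the never-block list and all sample addresses are assumptions constructed for illustration.

```python
import ipaddress

MAX_ENTRIES = 1000      # assumed cap so the list cannot grow without bound
MAX_AGE = 24 * 3600     # assumed ageing window, in seconds
# Assumed never-block list (loopback plus a constructed "own gateway"), so a
# spoofed source address cannot lock the administrator out.
NEVER_BLOCK = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "192.0.2.1/32")]


def parse_ip(text):
    """Return an address object, or None if text is not exactly one IP address."""
    try:
        return ipaddress.ip_address(text.strip())
    except ValueError:
        return None


def update_blocklist(blocked, candidates, now):
    """blocked maps address string -> last-seen timestamp; returns the new map."""
    # Ageing: forget entries not seen within MAX_AGE.
    fresh = {ip: ts for ip, ts in blocked.items() if now - ts < MAX_AGE}
    for raw in candidates:
        addr = parse_ip(raw)
        if addr is None:
            continue                      # arbitrary text never reaches the disk
        if any(addr in net for net in NEVER_BLOCK):
            continue                      # never block protected hosts
        key = str(addr)                   # normalised form makes duplicates collapse
        if key in fresh or len(fresh) < MAX_ENTRIES:
            fresh[key] = now              # refresh a known entry or add a new one
    return fresh


if __name__ == "__main__":
    # Constructed sample input: one stale entry, one recent entry, mixed candidates.
    old = {"198.51.100.7": 0, "203.0.113.9": 90000}
    seen = ["203.0.113.9", "203.0.113.9\n", "not an ip; rm -rf /",
            "192.0.2.1", "198.51.100.200", "999.1.1.1"]
    for ip, ts in sorted(update_blocklist(old, seen, now=100000).items()):
        print(ip, ts)
```

The returned map is what would be written back to the blocklist file, so the file only ever contains normalised addresses and at most `MAX_ENTRIES` of them.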