[94967] in North American Network Operators' Group


Re: RBL for bots?

daemon@ATHENA.MIT.EDU (Matthew Sullivan)
Thu Feb 15 19:52:23 2007

Date: Fri, 16 Feb 2007 11:49:07 +1100
From: Matthew Sullivan <matthew@sorbs.net>
In-reply-to: <B9ECBF8D89E7684EB63FF250E8788B1942CA44@BIGLOG.thenap.com>
To: Drew Weaver <drew.weaver@thenap.com>
Cc: nanog@merit.edu
Errors-To: owner-nanog@merit.edu


Drew Weaver wrote:
>     Has anyone created an RBL, much like (possibly) the BOGON list 
> which includes the IP addresses of hosts which seem to be "infected" 
> and are attempting to brute-force SSH/HTTP, etc?
>  
> It would be fairly easy to set up a dozen or more honeypots and examine 
> the logs in order to create an initial list.
>  
> Anyone know of anything like this?

web.dnsbl.sorbs.net has hosts that do this as well as Korgo-infected 
machines, and a whole host of other types of vulnerabilities, trojans 
and bots.

Do be careful about how you use the data; we don't distinguish between 
the types for very good reason.

Regards,

Mat
