
On 10/22/13 6:57 AM, J. Oquendo wrote:
> Going to cross post this to the list (I know some of us criss-cross lists). Reasoning, a lot of IP PBXs have web based interfaces, and some need to be on the public Internet.
> Cobbled together a script to scrape my logs, parse out web based attackers (SQLi, XSS, CSRF, etc) and compile said list for blacklisting. Script is pulling from 6 different web servers for now. I may add more later depending on whether or not I see a lot of usage.

Thanks. I personally would like to see it as solely raw IP addresses rather than a mix of IPs and PTRs. The PTRs may not match forward DNS, particularly if a bad guy has control of rDNS.

--
Jay Hennigan - CCIE #7880 - Network Engineering - jay at impulse.net
Impulse Internet Service - http://www.impulse.net/
Your local telephone and internet company - 805 884-6323 - WB6RDV
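
The following is an added example, not part of the original thread and not the script discussed in it. It shows one way to reduce a mixed blacklist to raw IP addresses and to test whether a PTR name is forward-confirmed. The list entries, DNS data and function names are constructed for illustration, and the resolvers are passed in as plain functions so the check runs offline.

```python
import ipaddress

def split_blacklist(lines):
    """Return (ips, rejected): unique raw IPs in sorted order, and non-IP entries."""
    ips, rejected = set(), []
    for raw in lines:
        entry = raw.split("#", 1)[0].strip()   # drop trailing comments
        if not entry:
            continue
        try:
            ips.add(ipaddress.ip_address(entry))
        except ValueError:
            # A hostname (e.g. a PTR result): its owner controls what it says,
            # so it is set aside instead of being trusted as an identifier.
            rejected.append(entry)
    ordered = sorted(ips, key=lambda a: (a.version, int(a)))
    return [str(a) for a in ordered], rejected

def fcrdns_ok(ip, ptr_lookup, fwd_lookup):
    """Forward-confirmed reverse DNS: some PTR name must resolve back to ip."""
    addr = ipaddress.ip_address(ip)
    for name in ptr_lookup(ip):
        for candidate in fwd_lookup(name):
            if ipaddress.ip_address(candidate) == addr:
                return True
    return False

# Constructed sample data (documentation address ranges, hypothetical names).
SAMPLE = [
    "192.0.2.10",
    "host-7.example.net",
    "198.51.100.23  # seen on web3",
    "192.0.2.10",
    "2001:db8::5",
    "# comment only",
]
PTR = {"203.0.113.9": ["mail.example.com"], "192.0.2.25": ["mail.example.com"]}
FWD = {"mail.example.com": ["192.0.2.25"]}

def ptr_lookup(ip):
    return PTR.get(ip, [])

def fwd_lookup(name):
    return FWD.get(name, [])

if __name__ == "__main__":
    ips, rejected = split_blacklist(SAMPLE)
    print("raw IPs:", ips)
    print("set aside:", rejected)
    for ip in ("203.0.113.9", "192.0.2.25"):
        print(ip, "FCrDNS ok" if fcrdns_ok(ip, ptr_lookup, fwd_lookup) else "PTR not confirmed")
```

In the sample, 203.0.113.9 publishes a PTR naming someone else's host, and the forward lookup does not lead back to it, so the name is not confirmed.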