[CLUE-Tech] Brute force attack from host 208.188.115.21
Dave Hahn
dhahn at techangle.com
Thu Aug 5 08:37:39 MDT 2004
[snip]
>I'm getting attempts at test and guest from 211.138.142.26 That is in AU
>space.
>
>
>
With all this going around, it made me wonder if there is/should be a
similar "system" for tracking these types of attacks as is used with
RBLs or DCC/Razor for SPAM. A distributed database that could be
automagically added to when one system "inappropriately" touches another
system. The information on the "touch" as well as the source are added
to the distributed system. Then, subscribers to the information could
use it to decide how to handle incoming traffic from those IPs. Seems
like it would shut down someone probing rather quickly - in effect, a
large part of the net would disappear.
Just a thought...
-d
More information about the clue-tech
mailing list