Sharing information about Bans via XMPP #4104
Replies: 4 comments 1 reply
-
FWIW, just to reference the main RFE - #881.
-
Version 0.1.9 is in the Debian NEW queue, targeted at Experimental.
-
Updated to version 0.1.10, which adds a coordinator module. This runs on an internal host, also part of the XMPP group, listening as the internet facing systems ban attackers. It logs the attacks into a database, and detects the Country and Hosting provider of the attacker. This is not required for the security defence role of secinfo-xmpp, but provides a start for its research role.
-
Version 0.1.11 adds a basic web interface to the coordinator module, showing attackers by country. The start of the current list looks like
` `
-
Having noticed some time ago that my firewalls seem to be attacked by, in at least some cases, the same attacking hosts, I wrote a daemon called secinfo-xmpp to share the information about attackers using an XMPP group. Hosts which have secinfo-xmpp installed report bans to the group, and preemptively ban hosts which are reported on the group. The idea is to see if, when an attacker is scanning for new targets, it will be blocked faster. The software is very new, but is running on 5 internet facing hosts just now. It is at https://gitlab.com/JohnLines/secinfo-xmpp if you want to take a look.
Suggestions for improvements etc welcome.
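The receiving side of the scheme in the original post (hosts report bans to the group and ban preemptively on reports from others), as an added example that is not secinfo-xmpp's own code. The JSON message shape, the sender JIDs, the never-ban list, the ban-time cap and the two-reporter quorum are all assumptions chosen to show how a host can limit the damage from a malformed or hostile report.

```python
import ipaddress
import json
import time

# Assumed policy values, not taken from secinfo-xmpp.
NEVER_BAN = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "::1/128",                        # loopback
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",  # internal ranges
    "198.51.100.0/24",                                # own/admin range (constructed)
)]
MAX_BAN_SECONDS = 24 * 3600   # cap on any ban time a peer can request
MIN_REPORTERS = 2             # distinct peers that must report an address


class SharedBanList:
    """Tracks ban reports from the group and decides when to ban preemptively."""

    def __init__(self, self_jid):
        self.self_jid = self_jid
        self.reports = {}  # ip string -> {reporter JID: expiry timestamp}

    def handle(self, sender_jid, body, now=None):
        """Return the IP to ban preemptively, or None if the report is ignored.

        Assumed message body: {"ip": "<address>", "bantime": <seconds>}.
        """
        now = time.time() if now is None else now
        if sender_jid == self.self_jid:
            return None  # our own report echoed back by the group
        try:
            msg = json.loads(body)
            ip = ipaddress.ip_address(str(msg["ip"]))
            ttl = min(int(msg["bantime"]), MAX_BAN_SECONDS)
        except (ValueError, KeyError, TypeError):
            return None  # malformed report: drop it, never guess
        if ttl <= 0 or any(ip in net for net in NEVER_BAN):
            return None  # a peer must not be able to lock us out of our own ranges
        seen = self.reports.setdefault(str(ip), {})
        seen[sender_jid] = now + ttl
        # Count only reporters whose own ban has not expired yet.
        live = [jid for jid, expiry in seen.items() if expiry > now]
        return str(ip) if len(live) >= MIN_REPORTERS else None
```

With a quorum of one the class behaves like the plain "ban whatever is reported" scheme; raising it trades reaction speed for resistance to a single compromised or misconfigured group member.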