Snort Signatures and IPTables Lists from SSH Blacklists
NEW: all iptables-based lists and Snort sigs are now available as a tarball for direct download, see Oinkmaster-TGZ below.
NEW: Team Cymru's Dragon Research Group has released a set of interesting research papers on SSH brute-force attacks, together with an attacker IP list. We compile this list and publish a set of Snort rules and an iptables script (see below for download).
SSHBL.org provides a current list of IPs that tried brute-force logins or were denied access to SSH accounts on different servers in the USA and Germany. From this list we generate Snort signatures (see example below) that block access from these IPs (using SnortSAM) whenever they try to connect, and iptables rules that block the IPs completely.
PLEASE NOTE
- these rules are still in the making and should be used for testing purposes only. NO WARRANTY IN ANY CASE
- the update cycle for rules/rulesets and iptables lists is 1 hour
Oinkmaster-TGZ (all .rules / iptables-lists included)
DRG-Blacklist - Snort-Sigs
- recent IPs: http://dogtown.mare-system.de/download/DRGBlacklist.rules (NO_DROP)
DRG-Blacklist - IPTables-Script
- block all traffic: http://dogtown.mare-system.de/download/DRGBlacklist_iptables.list
- block traffic on port 22: http://dogtown.mare-system.de/download/DRGBlacklist_iptables-port22.list
SSHBlacklist - Snort-Sigs
- recent 30days - IPs: http://dogtown.mare-system.de/download/SSHBlacklist-DROP.rules
- recent 30days / NoDrop: http://dogtown.mare-system.de/download/SSHBlacklist.rules
SSHBlacklist - IPTables-Script
- block all traffic: http://dogtown.mare-system.de/download/SSHBlacklist-iptables.list
- block traffic on port 22: http://dogtown.mare-system.de/download/SSHBlacklist-iptables-port22.list
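How a blacklist like this can be turned into the two iptables variants and the no-drop Snort signatures listed above, as an added example (not the script used to build these downloads). The feed format (one IPv4 address per line, `#` comments), the rule layout, the SID range and the function names are assumptions, and the sample addresses are constructed.

```python
import ipaddress

# Constructed sample feed: documentation-range addresses, not real attackers.
SAMPLE_FEED = """# constructed sample blacklist
203.0.113.7
198.51.100.23   # trailing comment
203.0.113.7
10.0.0.5
not-an-ip
192.0.2.44
"""

# Ranges that must never end up in a DROP rule, whatever the feed says.
NEVER_BLOCK = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16")]

def parse_blacklist(text, allowlist=()):
    """Return unique, valid IPv4 addresses in feed order, minus protected ranges."""
    protected = NEVER_BLOCK + [ipaddress.ip_network(n) for n in allowlist]
    seen, result = set(), []
    for line in text.splitlines():
        entry = line.split("#", 1)[0].strip()
        if not entry:
            continue
        try:
            ip = ipaddress.IPv4Address(entry)
        except ValueError:
            continue  # feed text that is not an address never reaches a rule
        if ip in seen or any(ip in net for net in protected):
            continue
        seen.add(ip)
        result.append(str(ip))
    return result

def iptables_rules(ips, port=None):
    """One DROP rule per address: all traffic, or only TCP to `port`."""
    match = f" -p tcp --dport {int(port)}" if port is not None else ""
    return [f"iptables -A INPUT -s {ip}{match} -j DROP" for ip in ips]

def snort_rules(ips, sid_base=1000001):
    """Alert-only (no-drop) rules; sid_base is a hypothetical local SID range."""
    return [f'alert tcp {ip} any -> $HOME_NET 22 (msg:"SSH blacklist source {ip}"; '
            f'flags:S; sid:{sid_base + i}; rev:1;)' for i, ip in enumerate(ips)]

if __name__ == "__main__":
    ips = parse_blacklist(SAMPLE_FEED, allowlist=["192.0.2.0/24"])
    print("\n".join(iptables_rules(ips, port=22) + snort_rules(ips)))
```

Put your own management addresses in `allowlist` before loading an hourly-updated list, so that a wrong or poisoned feed entry cannot lock you out of SSH.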
snort/sshbl_rules.txt · Last modified: 2010/09/27 19:51 by dogtown