Fri 13 January 2006
Filed under Sec.
I have been trying to find a coordinated way to deal with lots of bad traffic, across multiple hosts, and at length across multiple sites. There are so many ssh sweepers out there, so many mail-spam bots, etc. We have an evolving method of dealing with spammers, but even that is suffering. What I need is a coordinated method of blocking malicious software.
This gets more adventurous when you add the probability of people from said remote hosts being unaware of their issues. This system should do the following:
What we need
- Provide a simple monitor agent for the local PC - lamigra
- Provide a simple iptables/firewall integration agent for firewall boxes - seablock
- Provide a central/cluster management server - seaport
- Allow for multiple levels of coordination with the Internet at large - seamonster
- Exchange information between 'top-level' meta-databases - lineOfSight
What it should allow
- Allow individual administrators to give weight to externally maintained sources
- Provide a secure method of notifying a central/cluster management server.
- Support *nix, BSD, etc.
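To make the division of labour between the pieces above concrete, here is an added sketch (my own example, not code from the project described in this post) of what the local monitor agent, the weighting of external sources, and the firewall agent would each contribute. It assumes a constructed sshd auth log, assumes external sources are delivered as a map of source address to confidence in 0..1, and uses a placeholder chain name for the rendered iptables rules; nothing is applied to a real firewall, the rules are only rendered as strings.

```python
"""Added example: local failed-login monitor + weighted external sources -> block list.

Assumptions (not from the original post):
  - sshd log format as in the constructed sample below
  - external sources are {ip: confidence in 0..1}
  - the firewall chain name is a placeholder
"""
import re
from collections import Counter, defaultdict

# Constructed sample sshd log lines (RFC 5737 documentation addresses, not real hosts).
SAMPLE_AUTH_LOG = """\
Jan 13 03:12:01 host1 sshd[2211]: Failed password for invalid user admin from 198.51.100.23 port 51234 ssh2
Jan 13 03:12:03 host1 sshd[2213]: Failed password for invalid user oracle from 198.51.100.23 port 51240 ssh2
Jan 13 03:12:05 host1 sshd[2215]: Failed password for root from 198.51.100.23 port 51244 ssh2
Jan 13 03:12:06 host1 sshd[2216]: Failed password for root from 198.51.100.23 port 51250 ssh2
Jan 13 03:12:07 host1 sshd[2217]: Failed password for root from 198.51.100.23 port 51251 ssh2
Jan 13 03:15:40 host1 sshd[2301]: Failed password for alice from 203.0.113.7 port 40022 ssh2
Jan 13 03:15:48 host1 sshd[2303]: Accepted password for alice from 203.0.113.7 port 40022 ssh2
"""

# Matches both "Failed password for root from X" and "Failed password for invalid user bob from X".
FAILED_RE = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from (\d+\.\d+\.\d+\.\d+)"
)


def count_failures(log_text):
    """Monitor-agent step: return {src_ip: number of failed logins} from sshd lines."""
    counts = Counter()
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            counts[m.group(2)] += 1
    return counts


def local_score(failures, threshold=5):
    """Map failure counts to a local suspicion score in 0..1 (saturates at the threshold)."""
    return {ip: min(1.0, n / threshold) for ip, n in failures.items()}


# Constructed external sources (assumed format: {ip: confidence}).
EXTERNAL_SOURCES = {
    "partner-site": {"198.51.100.23": 0.9, "192.0.2.44": 0.8},
    "public-list": {"192.0.2.44": 0.5, "203.0.113.7": 0.3},
}

# Per-administrator weights for each external source (the "give weight" requirement).
SOURCE_WEIGHTS = {"partner-site": 1.0, "public-list": 0.4}


def combined_score(local, sources=EXTERNAL_SOURCES, weights=SOURCE_WEIGHTS, local_weight=1.0):
    """Combine local evidence with weighted external sources; take the strongest signal per IP."""
    scores = defaultdict(float)
    for ip, s in local.items():
        scores[ip] = max(scores[ip], local_weight * s)
    for name, entries in sources.items():
        w = weights.get(name, 0.0)  # an unknown source counts for nothing
        for ip, conf in entries.items():
            scores[ip] = max(scores[ip], w * conf)
    return dict(scores)


def block_decisions(scores, block_at=0.8):
    """Return the sorted list of addresses whose combined score reaches the block threshold."""
    return sorted(ip for ip, s in scores.items() if s >= block_at)


def iptables_rules(ips, chain="SEABLOCK"):
    """Firewall-agent step: render (not execute) one DROP rule per address; chain is a placeholder."""
    return [f"iptables -A {chain} -s {ip} -j DROP" for ip in ips]


def run(log_text=SAMPLE_AUTH_LOG):
    """Full pipeline on the sample: failures, combined scores, block list, rendered rules."""
    failures = count_failures(log_text)
    scores = combined_score(local_score(failures))
    blocked = block_decisions(scores)
    return failures, scores, blocked, iptables_rules(blocked)


if __name__ == "__main__":
    failures, scores, blocked, rules = run()
    print("failures:", dict(failures))
    print("scores:", scores)
    print("blocked:", blocked)
    print("\n".join(rules))
```

On the sample, the sweeping address hits the local threshold on its own, the address seen only by the trusted partner source is blocked purely on external evidence, and the legitimate user who mistyped a password once stays below the threshold even though a low-weight public list mentions her address. The "strongest signal wins" rule is the simplest choice; a real deployment would also need decay over time and a way to lift blocks, which this sketch omits.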