Announcement

Collapse
No announcement yet.

Herd immunity / adding to greylist

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • ray
    replied
    Excellent!

    Leave a comment:


  • apb
    replied
    This information is actually collected form customers servers (not only from honeypots). So that, decisions are made based on number of incidents caused by the IP address, number of servers which were attacked, country of origin etc.

    Leave a comment:


  • ray
    replied
    OK, thanks for that.

    Might be nice to have a place to submit IPs since the correlation server (honeypot?) wont see every miscreant IP. This can also be automated, e.g., X number of reports gets an IP added to the greylist.

    Leave a comment:


  • apb
    replied
    We collect information about attackers on Imunify360 correlation server. Sophisticated machine learning techniques are used to add entries to the global graylist - parts of this list are sent to Imunify360 agents on customers servers to stop attackers before theyve started their activity with them. Populating global graylist is an automatic process - we actually designed it to work without human intervention.

    Leave a comment:


  • ray
    started a topic Herd immunity / adding to greylist

    Herd immunity / adding to greylist

    Another forum thread included this response from Cloudlinux:

    "As of the current version, we do not let users adding graylist entries manually (only removing is possible)."

    Two questions:

    Where do you get the IPs in the greylist? Herd immunity implies there is a master source of abuse IPs. I use a couple of the lists in csf.blocklists and do not want to duplicate.

    Is there a place I can submit abuse IPs (something like abuseip.com) where they will get picked up by the Imunify360 greylist?
Working...
X