Skip to content

November 27, 2013

Honeyport Script Dome9 Blacklist TTL Update

Dome9 just introduced the ability to set a time-to-live (TTL) option for blacklisted IPs, something I may have bugged them for about once or twice! This is nice as it allows items on your blacklist to expire after a pre-determined amount of time instead of living on in perpetuity. It’s particularly beneficial when you run something like my Honeyport that can end up blacklisting over 400 unique IPs in about two months — it saves having to go in and manually remove blacklisted IPs periodically.

I’ve updated my Honeyport script to include the option to set a TTL on blacklisted IPs when using Dome9. Note this doesn’t yet work when using IPtables as it doesn’t have an easy TTL-style option for rules. This functionality for IPtables is on my TODO list.

Check out honeyport-0.2.sh here!

Share your thoughts, post a comment.

(required)
(required)

Note: HTML is allowed. Your email address will never be published.

Subscribe to comments

css.php