I have read through several posts that do similar things to what I want to do but have not been able to figure out a decent solution for what I need.
Basically, on all our routers we have the well-known brute-force prevention stuff found here: http://wiki.mikrotik.com/wiki/Bruteforce_login_prevention
What we would like to do is have all these routers combine their dynamic address lists for these brute forcers on the edge routers, as we have the edge routers set to not forward any traffic from the brute-force source IP downstream. So what would be the best solution to get this done? Is MikroTik scripting the way to go, or should I use a Linux box to reach out and exchange the address lists that I want? Also, I have not seen anybody want to synchronize a dynamic address list; does this complicate things? I know in a few cases while messing around it will ignore the dynamic list unless you specifically specify it.
To synchronize address lists, although not for blacklisting, I use a DNS name based address list.
On a central DNS server I have some local name that expands to many A records, and the routers read this name periodically and put the entries in a list. The poll frequency is controlled by the TTL of the DNS entry.
The DNS server dynamically updates the list according to my requirements.
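As an added illustration of the DNS-name approach described above (this is an example written for this page, not configuration from the poster), the following RouterOS commands point an address list at a DNS name and then drop forwarded traffic from whatever that name resolves to. The zone name `bruteforce-sync.example.internal`, the list name `bruteforce-dns` and the DNS server address are placeholders and assumptions, not values from the thread.

```routeros
# Added example, not from the original post. Placeholder names:
#   bruteforce-sync.example.internal  - the central DNS name that expands to many A records
#   bruteforce-dns                    - the local address list populated from it
#   192.0.2.53                        - the central DNS server (documentation address)

# The router needs a resolver it can reach for the name to be looked up at all.
/ip dns
set servers=192.0.2.53

# Point the address list at the DNS name. RouterOS resolves it and creates one
# dynamic entry per returned A record, re-resolving when the record's TTL expires,
# so the TTL set on the central DNS server controls how fast changes propagate.
/ip firewall address-list
add list=bruteforce-dns address=bruteforce-sync.example.internal \
    comment="resolved from central DNS; entries are dynamic"

# On the edge router, refuse to forward anything from those sources downstream.
# The rule matches the list by name, so the dynamic entries the resolver creates
# are covered without any scripting on the router side.
/ip firewall filter
add chain=forward src-address-list=bruteforce-dns action=drop \
    comment="central brute-force blocklist (DNS-synced)"

# Verify what the resolver produced; dynamic entries are flagged D in the output.
/ip firewall address-list print where list=bruteforce-dns
```

Two things worth checking when trying this: the resolved entries are dynamic, so they do not survive in the exported configuration and reappear only after the next lookup, and if the name stops resolving the list empties rather than keeping stale entries, which is the fail-open behaviour to be aware of when the central DNS server is unreachable.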
Thank you for the replies. I will look into both of these options; I had never considered the DNS idea.
As far as the blacklist goes, have you found that it blocks the majority of brute-force attacks? Perhaps I am overthinking it to have my own dynamic lists if most of that work has already been done for me elsewhere and I can just take advantage of it.