Date:      Tue, 12 Mar 2002 23:57:54 +0100 (CET)
From:      dirkx@covalent.net
To:        phk@FreeBSD.ORG
Cc:        hackers@FreeBSD.ORG, security@FreeBSD.ORG
Subject:   Re: Userland Hacker Task: divert socket listener...
Message-ID:  <Pine.OSX.4.43.0203122357160.16762-100000@gandalf.leiden.webweaving.org>
In-Reply-To: <35126.1015973393@critter.freebsd.dk>


On Tue, 12 Mar 2002, Poul-Henning Kamp wrote:

> Here is something I miss a lot:
>
> I would like a small program which can listen to a specified divert(4)
> socket and act on the incoming packets.
>
> Specifically I want to direct all unwanted traffic from my ipfw rules
> into the divert socket and have the program examine these packets
> and when configured thresholds were exceeded take actions like:
>
> 	Add a blackhole route for a period of time to the source
> 	IP to prevent any packets getting back to the attacker.
>
> 	Add a blocking ipfw rule for incoming traffic from the
> 	attacker's IP# for some period of time.
>
> 	Add a divert ipfw rule for incoming traffic from the
> 	attacker's IP# to capture all the tricks he is trying to
> 	do.
>
> 	Log the received packets in detail in pcap format files.
>
> 	Report the packets to Dshield.org

	Reroute/rewrite all my outgoing port 25 mail to some
	magic smart host over a userland ssh connection.

Dw
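
The listener requested in the quoted message, reduced to its core as an added example (not code from this thread or from FreeBSD): read packets from a divert(4) socket, extract the source address, and flag a source once it crosses a threshold. The port, table size, threshold and window values and all function names are assumptions; the flagged source is only printed, at the point where a route or ipfw action would go.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <time.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>

#define DIVERT_PORT 4000 /* assumed; must match the port in the ipfw divert rule */
#define MAX_SRC     256  /* assumed table size */
#define THRESHOLD   5    /* assumed: packets per window before acting */
#define WINDOW      60   /* assumed: window length in seconds */

static struct entry { uint32_t addr; unsigned count; time_t first; } table[MAX_SRC];

/* divert(4) delivers the whole IPv4 packet, header first; -1 means malformed. */
int ip_source(const uint8_t *pkt, size_t len, uint32_t *src)
{
    if (len < 20 || (pkt[0] >> 4) != 4) return -1;
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;   /* header length in bytes */
    if (ihl < 20 || ihl > len) return -1;
    memcpy(src, pkt + 12, 4);                   /* source, network byte order */
    return 0;
}

/* Returns 1 only for the packet that reaches THRESHOLD inside WINDOW.
 * Direct-mapped table: a colliding source evicts the previous entry. */
int note_packet(uint32_t src, time_t now)
{
    struct entry *e = &table[(src * 2654435761u) % MAX_SRC];
    if (e->count == 0 || e->addr != src || now - e->first >= WINDOW) {
        e->addr = src; e->count = 0; e->first = now;  /* new source or expired window */
    }
    return ++e->count == THRESHOLD;
}

int main(void)
{
#ifdef IPPROTO_DIVERT   /* defined on FreeBSD */
    uint8_t buf[65535];
    uint32_t src;
    struct sockaddr_in sin = { .sin_family = AF_INET, .sin_port = htons(DIVERT_PORT) };
    int s = socket(PF_INET, SOCK_RAW, IPPROTO_DIVERT);
    if (s < 0 || bind(s, (struct sockaddr *)&sin, sizeof sin) < 0) { perror("divert"); return 1; }
    for (;;) {   /* packets are never written back, so diverted traffic is dropped */
        ssize_t n = recv(s, buf, sizeof buf, 0);
        if (n > 0 && ip_source(buf, (size_t)n, &src) == 0 && note_packet(src, time(NULL)))
            printf("threshold exceeded: %s\n", inet_ntoa((struct in_addr){ src }));
    }
#endif
    return 1;   /* no divert(4) on this platform */
}
```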


