Date: Tue, 12 Mar 2002 23:57:54 +0100 (CET)
From: dirkx@covalent.net
To: phk@FreeBSD.ORG
Cc: hackers@FreeBSD.ORG, security@FreeBSD.ORG
Subject: Re: Userland Hacker Task: divert socket listener...
Message-ID: <Pine.OSX.4.43.0203122357160.16762-100000@gandalf.leiden.webweaving.org>
In-Reply-To: <35126.1015973393@critter.freebsd.dk>

On Tue, 12 Mar 2002, Poul-Henning Kamp wrote:

> Here is something I miss a lot:
>
> I would like a small program which can listen to a specified divert(4)
> socket and act on the incoming packets.
>
> Specifically I want to direct all unwanted traffic from my ipfw rules
> into the divert socket and have the program examine these packets
> and when configured thresholds were exceeded take actions like:
>
>     Add a blackhole route for a period of time to the source
>     IP to prevent any packets getting back to the attacker.
>
>     Add a blocking ipfw rule for incoming traffic from the
>     attackers IP# for some period of time.
>
>     Add a divert ipfw rule for incoming traffic from the
>     attackers IP# to capture all the tricks he is trying to
>     do.
>
>     Log the received packets in detail in pcap format files.
>
>     Report the packets to Dshield.org

Reroute/rewrite all my outgoing port 25 mail to some magic smart host over
a userland ssh connection.

Dw

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
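
The threshold-and-timed-block part of the request quoted above, as an added example that is not part of the original thread or of any FreeBSD tool. It assumes each packet arrives as a complete IPv4 packet, as divert(4) delivers it; the threshold, window, block time and rule-number range are made-up values, and the ipfw commands are returned as strings rather than executed.

```python
import socket
import struct
from collections import defaultdict, deque

WINDOW = 60.0      # seconds over which packets are counted (assumed value)
THRESHOLD = 5      # packets per WINDOW from one source that trigger a block (assumed)
BLOCK_FOR = 600.0  # seconds a block stays in place (assumed)
RULE_BASE = 20000  # assumed free range of ipfw rule numbers

def source_ip(packet):
    """Return the IPv4 source address, or None if the header is malformed."""
    if len(packet) < 20:
        return None
    version, ihl = packet[0] >> 4, (packet[0] & 0x0F) * 4
    if version != 4 or ihl < 20 or len(packet) < ihl:
        return None
    return socket.inet_ntoa(packet[12:16])

class Tracker:
    def __init__(self):
        self.seen = defaultdict(deque)  # src -> timestamps still inside WINDOW
        self.blocked = {}               # src -> (rule number, expiry time)
        self.next_rule = RULE_BASE

    def packet(self, pkt, now):
        """Account one diverted packet; return the ipfw commands to run."""
        cmds = self.expire(now)
        src = source_ip(pkt)
        if src is None or src in self.blocked:
            return cmds
        times = self.seen[src]
        times.append(now)
        while times and times[0] <= now - WINDOW:
            times.popleft()             # forget hits older than the window
        if len(times) >= THRESHOLD:
            rule, self.next_rule = self.next_rule, self.next_rule + 1
            self.blocked[src] = (rule, now + BLOCK_FOR)
            del self.seen[src]
            cmds.append(f"ipfw add {rule} deny ip from {src} to any")
        return cmds

    def expire(self, now):
        """Lift blocks whose time is up; return the matching delete commands."""
        done = [s for s, (_, t) in self.blocked.items() if t <= now]
        return [f"ipfw delete {self.blocked.pop(s)[0]}" for s in done]

def sample_packet(src):
    """Constructed 20-byte IPv4 header (no payload), for demonstration only."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,
                       socket.inet_aton(src), socket.inet_aton("192.0.2.1"))
```

Source addresses on diverted packets can be forged, so a check against a list of addresses that must never be blocked belongs in front of the `deny` rule.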