From owner-freebsd-ipfw@FreeBSD.ORG  Mon Oct  3 22:16:28 2005
Return-Path: <owner-freebsd-ipfw@FreeBSD.ORG>
X-Original-To: freebsd-ipfw@freebsd.org
Delivered-To: freebsd-ipfw@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 572B216A443
	for <freebsd-ipfw@freebsd.org>; Mon,  3 Oct 2005 22:16:28 +0000 (GMT)
	(envelope-from nb_root@videotron.ca)
Received: from relais.videotron.ca (relais.videotron.ca [24.201.245.36])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 0AFAB43D49
	for <freebsd-ipfw@freebsd.org>; Mon,  3 Oct 2005 22:16:27 +0000 (GMT)
	(envelope-from nb_root@videotron.ca)
Received: from clk01a ([66.130.198.54]) by VL-MO-MR004.ip.videotron.ca
	(Sun Java System Messaging Server 6.2-2.05 (built Apr 28 2005))
	with ESMTP id <0INT008P51VF7W30@VL-MO-MR004.ip.videotron.ca> for
	freebsd-ipfw@freebsd.org; Mon, 03 Oct 2005 18:16:27 -0400 (EDT)
Date: Mon, 03 Oct 2005 18:16:16 -0400
From: Nicolas Blais <nb_root@videotron.ca>
To: freebsd-ipfw@freebsd.org
Message-id: <200510031816.26658.nb_root@videotron.ca>
MIME-version: 1.0
Content-type: multipart/signed; boundary=nextPart1772521.q7IQKDRMf0;
	protocol="application/pgp-signature"; micalg=pgp-sha1
Content-transfer-encoding: 7bit
User-Agent: KMail/1.8.2
Subject: Automatically add attacks to deny list?
X-BeenThere: freebsd-ipfw@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IPFW Technical Discussions <freebsd-ipfw.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ipfw>
List-Post: <mailto:freebsd-ipfw@freebsd.org>
List-Help: <mailto:freebsd-ipfw-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 03 Oct 2005 22:16:28 -0000

--nextPart1772521.q7IQKDRMf0
Content-Type: text/plain;
  charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline

Hi,

Whenever someone tries a portscan or http server vulnerability scan on my=20
system, I have to manually add their ip in my /etc/ipfw.conf file such as:
add 100 deny all from xx.xxx.xxx.xxx to any

Is there a way, without enabling blackhole, to dynamically add ips to my=20
blacklist after a certain packet/sec limit or some other way?

Thanks,
Nicolas.
=2D-=20
=46reeBSD 7.0-CURRENT #0: Sat Oct  1 11:51:38 EDT 2005    =20
root@clk01a:/usr/obj/usr/src/sys/CLK01A=20
PGP? : http://www.clkroot.net/security/nb_root.asc

--nextPart1772521.q7IQKDRMf0
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (FreeBSD)

iD8DBQBDQa26z38ton5LGeIRAoShAJ953c/SFiptCjK7K1rdiM4s+JgKnQCeLiau
yYqIdNmnzev3W/AZJDi3DVI=
=o/K0
-----END PGP SIGNATURE-----

--nextPart1772521.q7IQKDRMf0--