Date:      Fri, 20 Feb 2009 12:50:02 -0800
From:      Bakul Shah <bakul@bitblocks.com>
To:        net@freebsd.org
Subject:   Re: A more pliable firewall 
Message-ID:  <20090220205003.301AB5B3E@mail.bitblocks.com>
In-Reply-To: Your message of "Sat, 21 Feb 2009 00:30:02 +1100." <20090220235840.I46613@sola.nimnet.asn.au>
References:  <20090220055936.035255B1B@mail.bitblocks.com> <alpine.BSF.2.00.0902201024090.18688@nys.njf-arg.bet.hn> <20090220235840.I46613@sola.nimnet.asn.au>

Thanks to everyone who responded.  Looks like all the pieces
to do this exist.  All I have to do is to package it all in
one program "sheriff" that watches various log files and
pulls the trigger on the bad guy(s) at the appropriate time.

I think I will add a program to keep running stats on *all*
the tcp/udp senders to find all those annoyingly pesky repeat
senders who have no business talking to my network.

What would be nice is a standard interface to report
suspicious failures (sort of like syslog).  If the same guy
sends N DNS requests for the same thing and every request
fails, chances are he is a bad guy (or a zombie acting on
behalf of one).  Perhaps some day a trusted network of such
daemons can be used to "back pressure" the closest ISP to the
sender -- who can then shut him down for a while.
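
The repeated-failure heuristic described in the message above, as an added example that is not part of the original e-mail: it flags a sender whose N queries for the same name all fail, with any success resetting the count. The log format, the 60-second window and the function names are assumptions made for the example.

```python
from collections import defaultdict

# Constructed sample log: "<epoch> <src> <qname> <rcode>" per line.
# The format is an assumption for this example, not a real resolver's.
SAMPLE_LOG = """\
1000 192.0.2.44 old.example.org NXDOMAIN
1010 203.0.113.5 typo.example.org NXDOMAIN
1011 203.0.113.5 typo.example.org NXDOMAIN
1012 203.0.113.5 typo.example.org NOERROR
1013 203.0.113.5 typo.example.org NXDOMAIN
1020 198.51.100.7 zone.example.org REFUSED
1021 198.51.100.7 Zone.Example.ORG. REFUSED
garbage line that does not parse
1022 198.51.100.7 zone.example.org REFUSED
1100 192.0.2.44 old.example.org NXDOMAIN
1200 192.0.2.44 old.example.org NXDOMAIN
"""

def parse_line(line):
    """Return (ts, src, qname, rcode), or None for a malformed line."""
    parts = line.split()
    if len(parts) != 4 or not parts[0].isdigit():
        return None
    ts, src, qname, rcode = parts
    # DNS names are case-insensitive; drop the trailing root dot too.
    return int(ts), src, qname.lower().rstrip("."), rcode.upper()

def find_repeat_failers(lines, n=3, window=60):
    """(src, qname) pairs with >= n failures inside `window` seconds
    and no successful answer in between."""
    runs = defaultdict(list)  # (src, qname) -> failure timestamps
    flagged = set()
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        ts, src, qname, rcode = rec
        key = (src, qname)
        if rcode == "NOERROR":
            runs.pop(key, None)  # a success ends the failing run
            continue
        run = runs[key]
        run.append(ts)
        while ts - run[0] > window:  # slide the window forward
            run.pop(0)
        if len(run) >= n:
            flagged.add(key)
    return sorted(flagged)

if __name__ == "__main__":
    print(find_repeat_failers(SAMPLE_LOG.splitlines()))
```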


