Date: Fri, 20 Feb 2009 12:50:02 -0800
From: Bakul Shah <bakul@bitblocks.com>
To: net@freebsd.org
Subject: Re: A more pliable firewall
Message-ID: <20090220205003.301AB5B3E@mail.bitblocks.com>
In-Reply-To: Your message of "Sat, 21 Feb 2009 00:30:02 +1100." <20090220235840.I46613@sola.nimnet.asn.au>
References: <20090220055936.035255B1B@mail.bitblocks.com> <alpine.BSF.2.00.0902201024090.18688@nys.njf-arg.bet.hn> <20090220235840.I46613@sola.nimnet.asn.au>

Thanks to everyone who responded. Looks like all the pieces to do this exist. All I have to do is to package it all in one program "sheriff" that watches various log files and pulls the trigger on the bad guy(s) at the appropriate time. I think I will add a program to keep running stats on *all* the TCP/UDP senders to find all those annoyingly pesky repeat senders who have no business talking to my network.

What would be nice is a standard interface to report suspicious failures (sort of like syslog). If the same guy sends N DNS requests for the same thing and every request fails, chances are he is a bad guy (or a zombie acting on behalf of one).

Perhaps some day a trusted network of such daemons can be used to "back pressure" the closest ISP to the sender -- who can then shut him down for a while.

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20090220205003.301AB5B3E>
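
The repeated-failure heuristic described in the message above, sketched as an added example (not part of the original e-mail and not the author's "sheriff" program). The log format, the function name `find_repeat_failures`, the thresholds and the sample lines are all constructed for illustration; the blocking step itself is left out.

```python
import re
from collections import defaultdict

# Constructed log format (hypothetical, not any real resolver's output):
#   <epoch-seconds> src=<ip> qname=<name> rcode=<RCODE>
LINE_RE = re.compile(r"^(\d+) src=(\S+) qname=(\S+) rcode=(\S+)$")

# Constructed sample input; addresses are from the documentation ranges.
SAMPLE_LOG = """\
1235160000 src=192.0.2.10 qname=nosuch.example.org rcode=NXDOMAIN
1235160005 src=192.0.2.10 qname=nosuch.example.org rcode=NXDOMAIN
1235160007 src=198.51.100.7 qname=www.example.org rcode=NXDOMAIN
1235160009 src=198.51.100.7 qname=www.example.org rcode=NOERROR
1235160010 src=192.0.2.10 qname=NoSuch.example.org rcode=NXDOMAIN
1235160012 src=198.51.100.7 qname=www.example.org rcode=SERVFAIL
1235160020 src=203.0.113.5 qname=a.example.org rcode=REFUSED
1235160200 src=203.0.113.5 qname=a.example.org rcode=REFUSED
1235160400 src=203.0.113.5 qname=a.example.org rcode=REFUSED
""".splitlines()

def find_repeat_failures(lines, n=3, window=60):
    """Return {(src, qname): failures} for every sender that made at least
    `n` consecutive failed queries for one name within `window` seconds."""
    streak = defaultdict(list)   # (src, qname) -> timestamps of the current failure run
    flagged = {}
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue                      # skip lines not in the expected format
        ts, src, rcode = int(m.group(1)), m.group(2), m.group(4)
        key = (src, m.group(3).lower())   # DNS names compare case-insensitively
        if rcode == "NOERROR":
            streak.pop(key, None)         # a success ends the "every request fails" run
            continue
        times = streak[key]
        times.append(ts)
        while ts - times[0] > window:     # drop failures older than the window
            times.pop(0)
        if len(times) >= n:
            flagged[key] = len(times)     # threshold reached: candidate for blocking
    return flagged

if __name__ == "__main__":
    for (src, qname), count in find_repeat_failures(SAMPLE_LOG).items():
        print(f"{src} failed {count} consecutive lookups of {qname}")
```

Only 192.0.2.10 is flagged with the defaults: 198.51.100.7 had a successful answer in between, and the failures from 203.0.113.5 are spread too far apart for a 60-second window.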