Date: Mon, 24 Jun 2002 20:15:00 -0400
From: Klaus Steden <klaus@compt.com>
To: Scott Ullrich <sullrich@CRE8.COM>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: automated blackholing
Message-ID: <20020624201500.P589@cthulu.compt.com>
In-Reply-To: <2F6DCE1EFAB3BC418B5C324F13934C96016C9E96@exchange.corp.cre8.com>; from sullrich@CRE8.COM on Mon, Jun 24, 2002 at 07:55:55PM -0400
References: <2F6DCE1EFAB3BC418B5C324F13934C96016C9E96@exchange.corp.cre8.com>

> FWIW, this could be done very easily with snort and the guardian perl
> script. You could simply craft a snort rule for the particular port and
> then change guardian to lookup host ip's on detection of the rule. If they
> are listed in the file, deny them with ipfw.
>
> Is this more up your alley?
>
Yeah, it sounds like what I'm after, but based on the number of questions that
asked "what exactly do you want to do?", I've been convinced that I'm
over-complicating the situation, and simply blackholing what I've got listed in
my /etc/hosts.deny should be enough.

Klaus
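
The simpler approach the message settles on, as an added example that is not part of the original e-mail or of guardian: literal IPv4 entries of a hosts.deny-style file are turned into ipfw deny rules, which are printed for review rather than executed. The function names and sample entries are constructed here; it assumes the hosts_access(5) line format and handles IPv4 only.

```shell
# Added example: print (never execute) ipfw deny rules for the literal IPv4
# entries of a hosts.deny-style file on stdin. Hostnames, wildcards and IPv6 are skipped.
hostsdeny_to_ipfw() {
    awk '
    # Number of dot-separated parts in s if every part is 0..255, else 0.
    function octets(s,    p, n, i) {
        n = split(s, p, ".")
        for (i = 1; i <= n; i++)
            if (p[i] !~ /^[0-9]+$/ || p[i] + 0 > 255) return 0
        return n
    }
    function emit(a) {                        # one rule per distinct source
        if (!(a in seen)) { seen[a] = 1; print "ipfw -q add deny ip from " a " to any" }
    }
    {
        line = line $0
        if (sub(/\\$/, "", line)) next        # backslash-newline continues a rule
        rule = line; line = ""
        if (rule ~ /^#/) next                 # comment line
        if (split(rule, f, ":") < 2) next     # daemon_list : client_list [: command]
        if (f[2] ~ /EXCEPT/) next             # a plain deny cannot express EXCEPT
        gsub(/,/, " ", f[2])
        m = split(f[2], tok, " ")
        for (i = 1; i <= m; i++) {
            t = tok[i]
            pre = substr(t, 1, length(t) - 1); k = octets(pre)
            if (octets(t) == 4) emit(t)                   # single host
            else if (t ~ /\.$/ && k >= 1 && k <= 3) {     # "198.51.100." prefix form
                for (j = k; j < 4; j++) pre = pre ".0"
                emit(pre "/" (k * 8))
            } else if (split(t, nm, "/") == 2 && octets(nm[1]) == 4 &&
                       octets(nm[2]) == 4 && nm[2] != "0.0.0.0")
                emit(nm[1] ":" nm[2])                     # net/mask as ipfw addr:mask
        }
    }'
}
# Constructed sample input (documentation address ranges only).
sample_hosts_deny() {
    cat <<'EOF'
# constructed sample
ALL: 192.0.2.10, 198.51.100. badhost.example
sshd: 203.0.113.0/255.255.255.0 \
    192.0.2.10
ALL: ALL EXCEPT 192.0.2.99
EOF
}
sample_hosts_deny | hostsdeny_to_ipfw
```

Rules that use EXCEPT are skipped on purpose, so an address the file exempts is never swept into a broader deny.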