Here is something I miss a lot:
I would like a small program which can listen to a specified divert(4)
socket and act on the incoming packets.
Specifically I want to direct all unwanted traffic from my ipfw rules
into the divert socket and have the program examine these packets
and, when configured thresholds are exceeded, take actions like:

    Add a blackhole route for a period of time to the source
    IP to prevent any packets getting back to the attacker.

    Add a blocking ipfw rule for incoming traffic from the
    attacker's IP# for some period of time.

    Add a divert ipfw rule for incoming traffic from the
    attacker's IP# to capture all the tricks he is trying to
    do.

    Log the received packets in detail in pcap format files.

    Report the packets to Dshield.org

    etc.

Any takers?
--
Poul-Henning Kamp | UNIX since Zilog Zeus 3.20
[EMAIL PROTECTED] | TCP/IP since RFC 956
FreeBSD committer | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.
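As an added illustration (not part of Poul-Henning's post, and not an existing program), here is a minimal C sketch of the watcher he asks for: it binds a divert(4) socket, pulls the source address out of each diverted packet, keeps a per-source sliding-window count, and, once the threshold is crossed, formats the route(8)/ipfw(8) commands for the blackhole route, the deny rule and the capture rule. Every number in it is an assumption chosen for the example: divert port 8668, rule numbers 90 and 100, a threshold of 20 packets per source within 60 seconds. The commands are only printed, never executed; pcap logging and Dshield reporting are left out. SAMPLE_PKT is a packet constructed for the example.

```c
/* Added example, not Poul-Henning Kamp's code: a minimal divert(4) watcher of the kind asked
 * for above. Assumed: divert port 8668, ipfw rules 90/100, 20 packets per source per 60 s. */
#include <stdio.h>
#include <stdint.h>
#include <string.h>
#include <time.h>
#include <arpa/inet.h>
#include <netinet/in.h>
#include <sys/socket.h>

#define DIVERT_PORT  8668   /* assumed; must match the "ipfw add ... divert 8668" rule */
#define THRESHOLD    20     /* packets from one source inside WINDOW_SECS trigger the actions */
#define WINDOW_SECS  60
#define MAX_SRC      256
#define CAPTURE_RULE 90     /* lower number than BLOCK_RULE, so the divert rule matches first */
#define BLOCK_RULE   100

struct src_state { int in_use, acted; uint32_t addr; unsigned count; time_t window_start; };
static struct src_state table[MAX_SRC];

/* Constructed sample input: 28-byte IPv4/UDP packet, 10.0.0.1:1234 -> 192.0.2.1:137. */
static const uint8_t SAMPLE_PKT[28] = {
    0x45, 0x00, 0x00, 0x1c, 0x00, 0x00, 0x00, 0x00, 0x40, 0x11, 0x00, 0x00,
    10, 0, 0, 1, 192, 0, 2, 1, 0x04, 0xd2, 0x00, 0x89, 0x00, 0x08, 0x00, 0x00 };

/* divert(4) hands over the whole IP packet, header first. Return the IPv4 source address
 * in network byte order, or 0 for a runt or non-IPv4 packet. */
uint32_t ipv4_source(const uint8_t *pkt, size_t len)
{
    if (len < 20 || (pkt[0] >> 4) != 4) return 0;
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;
    if (ihl < 20 || ihl > len) return 0;
    uint32_t src; memcpy(&src, pkt + 12, sizeof src);
    return src;
}

/* Per-source sliding window: 1 the first time a source reaches THRESHOLD packets inside
 * WINDOW_SECS, else 0. A fresh window re-arms the trigger. */
int record_packet(uint32_t src, time_t now)
{
    struct src_state *s = NULL, *spare = NULL;
    for (int i = 0; i < MAX_SRC && !s; i++) {
        if (table[i].in_use && table[i].addr == src) s = &table[i];
        else if (!spare && (!table[i].in_use || now - table[i].window_start > WINDOW_SECS))
            spare = &table[i];                       /* free or expired slot: reusable */
    }
    if (!s) {
        if (!spare) return 0;                        /* table full: this example just skips */
        s = spare;
        *s = (struct src_state){ .in_use = 1, .addr = src, .window_start = now };
    }
    if (now - s->window_start > WINDOW_SECS)         /* window expired: start over */
        s->count = 0, s->acted = 0, s->window_start = now;
    if (++s->count >= THRESHOLD && !s->acted) { s->acted = 1; return 1; }
    return 0;
}

/* The three responses from the post as route(8)/ipfw(8) command lines, in a static buffer.
 * Dry run: the caller decides whether to system() them and when to delete them again. */
const char *action_command(int which, uint32_t src)
{
    static char buf[128]; char ip[INET_ADDRSTRLEN];
    struct in_addr a = { .s_addr = src };
    if (which < 0 || which > 2 || !inet_ntop(AF_INET, &a, ip, sizeof ip)) return NULL;
    if (which == 0) snprintf(buf, sizeof buf, "route add -host %s 127.0.0.1 -blackhole", ip);
    if (which == 1) snprintf(buf, sizeof buf, "ipfw add %d deny ip from %s to any in", BLOCK_RULE, ip);
    if (which == 2) snprintf(buf, sizeof buf, "ipfw add %d divert %d ip from %s to any in",
                             CAPTURE_RULE, DIVERT_PORT, ip);
    return buf;
}

int main(void)
{
#ifdef IPPROTO_DIVERT                                /* divert(4) exists only on FreeBSD */
    struct sockaddr_in sin = { .sin_len = sizeof sin, .sin_family = AF_INET, .sin_port = htons(DIVERT_PORT) };
    int fd = socket(PF_INET, SOCK_RAW, IPPROTO_DIVERT);
    uint8_t buf[65535];
    if (fd < 0 || bind(fd, (struct sockaddr *)&sin, sizeof sin) < 0) { perror("divert"); return 1; }
    for (;;) {
        ssize_t n = recv(fd, buf, sizeof buf, 0);    /* never re-injected, so the kernel drops it */
        time_t now = time(NULL);
        uint32_t src = n > 0 ? ipv4_source(buf, (size_t)n) : 0;
        if (!src) continue;
        if (record_packet(src, now))
            for (int i = 0; i < 3; i++) printf("would run: %s\n", action_command(i, src));
    }
#endif
    fputs("divert(4) is FreeBSD-only; the helpers above are portable, main() is not.\n", stderr);
    return 1;
}
```

Because a diverted packet that is never written back to the socket is dropped by the kernel, the loop doubles as the drop for traffic the ipfw rules have already classed as unwanted; run it as root on FreeBSD with your unwanted-traffic rules ending in `divert 8668` instead of `deny`. Two things a real version needs that the sketch skips: the capture rule must sort before the deny rule (hence 90 < 100), or the deny swallows the attacker's follow-up packets before anything is captured; and taking the rules away again "after some period of time" needs either a distinct rule number per attacker or (on current FreeBSD) an ipfw table that the deny and divert rules match against, since `ipfw delete 100` removes every rule numbered 100 at once.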