Here is something I miss a lot:
I would like a small program which can listen to a specified divert(4) socket and act on the incoming packets. Specifically I want to direct all unwanted trafic from my ipfw rules into the divert socket and have the program examine these packets and when configured thresholds were exceeded take actions like: Add a blackhole route for a period of time to the source IP to prevent any packets getting back to the attacker. Add a blocking ipfw rule for incoming trafic from the attackers IP# for some period of time. Add a divert ipfw rule for incoming trafic from the attackers IP# to capture all the tricks he is trying to do. Log the received packets in detail in pcap format files. Report the packets to Dshield.org etc. Any takers ? -- Poul-Henning Kamp | UNIX since Zilog Zeus 3.20 [EMAIL PROTECTED] | TCP/IP since RFC 956 FreeBSD committer | BSD since 4.3-tahoe Never attribute to malice what can adequately be explained by incompetence. To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message