I think shorewall allows to log packets coming to various ports. Can we allow for a rule to be defined dynamically blocking the source IP of the packet in case the port being opened/ queried is not allowed by the host owner. This is what portsentry does. Portsentry creates a iptables/ ipchains rule dynamically blocking such source Ips assuming these are results of port scans or hacking activity. In addition, he includes these IPs in host.deny file. Can we do the same in shorewall?
Mohan -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of [EMAIL PROTECTED] Sent: 01 August, 2002 5:49 AM To: [EMAIL PROTECTED] Subject: [leaf-user] descan I received a link today to a company called descan that is providing a piece of software that sits on a Linux machine (currently only those based on the 2.4 kernel) and keeps track of scan activity detected and then periodically sends this information to the company, which then looks for patterns to, among other things, identify zombies. Their link is www.descan.net I'm interested in the opinions of this group as to whether this would be a worthwhile addition to a Bering firewall and whether this is a project worth supporting. regards! paul Paul M. Wright, Jr. McKay Technologies "making technology play nice...." ------------------------------------------------------- This sf.net email is sponsored by: Dice - The leading online job board for high-tech professionals. Search and apply for tech jobs today! http://seeker.dice.com/seeker.epl?rel_code=31 ------------------------------------------------------------------------ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf ------------------------------------------------------------------------ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html