>>If we put a prog to check our systems (servers) like portsentry, iplogger
>>or whatever and create a script or program to filter these logs, grab the
>>attacker's IP, and auto-generate ipchains rules against the intruder???
>
>Portsentry already does something like this. You can tell it to drop route
>when it detects a scan and it will add a route from the attacker's IP to a
>valid, unused IP address you specify. To the attacker, your Linux box
>suddenly disappeared because all his packets hit your server and then go to
>this unused IP (rather than back to the bad guy). In many contexts this is
>a great idea. Nothing is all gravy, however, and the portsentry docs quite
>clearly describe the potential for an attacker to use this feature and IP
>spoofing to cause your server to lose contact with other (innocent and
>perhaps vitally important) hosts. So use with caution. I don't think
>portsentry will modify ipchains but I could be wrong about that.
Hello Allan!!
Where have you been???
You have helped me out many times here :)
Thanks for the advice :)
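The log-to-ipchains idea discussed in this thread, sketched as an added example (not code from either poster or from portsentry) with a guard for the spoofing caveat raised above. The alert line format, the `NEVER_BLOCK` list and all addresses are assumptions and constructed values; the script only prints rules and never runs them.

```python
import ipaddress
import re

# Assumed alert format; adjust the pattern to what your detector really logs.
ALERT_RE = re.compile(
    r"attackalert: .*from host: \S*/(\d{1,3}(?:\.\d{1,3}){3}) to (?:TCP|UDP) port: \d+"
)

# Hosts that must stay reachable even if a scan appears to come from them
# (gateway, DNS server, ...). A spoofed source address cannot be told apart
# from a real one in the log, so these are never auto-blocked. Constructed values.
NEVER_BLOCK = [ipaddress.ip_network(n)
               for n in ("127.0.0.0/8", "192.0.2.1/32", "192.0.2.53/32")]

def build_rules(log_lines):
    """Return (rules, skipped): ipchains commands to review, and protected IPs seen."""
    seen = set()
    for line in log_lines:
        m = ALERT_RE.search(line)
        if not m:
            continue
        try:
            seen.add(ipaddress.ip_address(m.group(1)))  # rejects e.g. 999.1.1.1
        except ValueError:
            continue
    rules, skipped = [], []
    for ip in sorted(seen):
        if any(ip in net for net in NEVER_BLOCK):
            skipped.append(str(ip))  # report it, but do not cut ourselves off
        else:
            rules.append(f"ipchains -I input -s {ip} -j DENY")
    return rules, skipped

# Constructed sample log lines.
SAMPLE_LOG = [
    "Jan 10 03:12:01 srv portsentry[412]: attackalert: Connect from host: scanner.example/203.0.113.7 to TCP port: 23",
    "Jan 10 03:12:02 srv portsentry[412]: attackalert: Connect from host: 203.0.113.7/203.0.113.7 to TCP port: 111",
    "Jan 10 03:12:05 srv portsentry[412]: attackalert: Connect from host: gw.example/192.0.2.1 to TCP port: 143",
    "Jan 10 03:12:06 srv portsentry[412]: attackalert: Connect from host: bad/999.1.1.1 to TCP port: 1",
    "Jan 10 03:12:09 srv sshd[500]: unrelated message",
]

if __name__ == "__main__":
    rules, skipped = build_rules(SAMPLE_LOG)
    for rule in rules:
        print(rule)
    for ip in skipped:
        print(f"# not blocked (protected host, possible spoofing): {ip}")
```
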