As mentioned on this list a while back, it seems plausible to protect a router and network a little better with network sensors and honeypot technologies, and still do so in a lightweight fashion.
And it seemed easy to make xinetd do just a little bit more to share information about its problems with ipset and iptables.

I haven't had time to work on this. I got as far as adding parser support to xinetd for a new "deny_server" argument and there it sat, waiting for me to decode the internal list of dependencies required to fork a server, and push info about the connection into env or the command line.

So I just pushed up what little I got up to GitHub and perhaps some other security-minded individual will take the idea on. There's a README and a notes.org added with where things are.

https://github.com/dtaht/xinetd-deny

If there is something better than xinetd (of near equivalent "weight") for this sort of stuff, let me know.

But I'm back now to a different salt mine...

--
Dave Täht

Fixing bufferbloat with cerowrt: http://www.teklibre.com/cerowrt/subscribe.html
_______________________________________________
Cerowrt-devel mailing list
https://lists.bufferbloat.net/listinfo/cerowrt-devel
