> Whenever someone tries a portscan or http server vulnerability scan on my
> system, I have to manually add their ip in my /etc/ipfw.conf file such as:
> add 100 deny all from xx.xxx.xxx.xxx to any
>
> Is there a way, without enabling blackhole, to dynamically add ips to my
> blacklist after a certain packet/sec limit or some other way?

I'd say that the problem is not to find how to do that, but to decide whether it is a good thing to automatically deny an IP. There must be some plugin for snort that does what you want, but the risk is that either your filtering is too soft and you miss blocking some IPs, or too harsh and you block some legitimate traffic.

Olivier
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
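
An added illustration of the trade-off raised in the reply above (not part of the original thread and not code from any poster): a sliding-window count of distinct destination ports per source, run over constructed events with a soft and a harsh threshold. The function names, thresholds, sample addresses and the use of ipfw table 1 are assumptions made for the example.

```python
from collections import defaultdict, deque

# Constructed sample events: (timestamp_seconds, source_ip, destination_port).
# Addresses come from the RFC 5737 documentation ranges.
EVENTS = (
    [(i * 0.1, "198.51.100.7", 1 + i) for i in range(40)]     # fast scan: 40 ports in 4 s
    + [(i * 5.0, "203.0.113.9", 20 + i) for i in range(12)]   # slow scan: one port every 5 s
    + [(i * 0.5, "192.0.2.10", p)                             # busy but legitimate client
       for i, p in enumerate([80, 443, 25, 110, 143, 993, 587, 53])]
)

def offenders(events, window, max_ports, allowlist=()):
    """Return sources that hit more than max_ports distinct ports within window seconds."""
    recent = defaultdict(deque)   # per-source queue of (timestamp, port)
    flagged = set()
    for ts, src, port in sorted(events):
        if src in allowlist:      # never auto-block known-good hosts
            continue
        q = recent[src]
        q.append((ts, port))
        while q and ts - q[0][0] > window:   # drop events older than the window
            q.popleft()
        if len({p for _, p in q}) > max_ports:
            flagged.add(src)
    return flagged

def ipfw_commands(ips, table=1):
    """Render table additions; assumes the ruleset holds a rule such as
    'add 100 deny all from table(1) to any' instead of one rule per address."""
    return [f"ipfw table {table} add {ip}" for ip in sorted(ips)]

if __name__ == "__main__":
    soft = offenders(EVENTS, window=10, max_ports=20)    # misses the slow scan
    harsh = offenders(EVENTS, window=60, max_ports=5)    # also blocks the legitimate client
    tuned = offenders(EVENTS, window=60, max_ports=5, allowlist={"192.0.2.10"})
    for name, result in (("soft", soft), ("harsh", harsh), ("harsh+allowlist", tuned)):
        print(name, ipfw_commands(result))
```
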
