Hi Pantelis,
On 2015-09-24 Thu 12:37 PM, Pantelis Roditis wrote:
>
> This is the exact reason why we created bofh-divert[1]. The idea is that you
> pass those packets with PF to a divert socket opened by a daemon. The daemon
> grabs the source IP and adds it to a predefined table.
>
Wow, that looks like the ticket.
If nothing else, I was considering a fake inetd-driven telnet daemon,
which would just be a script to drive netcat, grab the remote IP & pfctl
add it to a table.
With pf re-directs to it for commonly attacked ports, finishing up with:

    block in log from <scanners>

Cheers.
--
The only possible interpretation of any research whatever in the
`social sciences' is: some do, some don't.
-- Ernest Rutherford
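
The inetd-driven trap described in the reply above, as an added example that is not part of the original message or of bofh-divert: a handler that inetd would start for each redirected connection, which reads the peer address from the socket it is handed and adds it to the <scanners> table with pfctl. The pfctl path, the allow-listed networks (constructed documentation ranges) and all function names are assumptions.

```python
#!/usr/bin/env python3
import ipaddress
import socket
import subprocess
import sys

TABLE = "scanners"        # table name taken from the block rule in the post
PFCTL = "/sbin/pfctl"     # assumed pfctl location
# Assumed allow-list: addresses that must never land in the table, so a stray
# connection from loopback or an admin network cannot lock the operator out.
# 198.51.100.0/24 is a constructed stand-in for a management network.
NEVER_BLOCK = [ipaddress.ip_network(n) for n in
               ("127.0.0.0/8", "::1/128", "198.51.100.0/24")]


def normalise(addr):
    """Parse a peer address; unwrap IPv4-mapped IPv6. None if not an IP."""
    try:
        ip = ipaddress.ip_address(addr.split("%", 1)[0])  # drop any zone id
    except ValueError:
        return None
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped   # ::ffff:a.b.c.d must match the IPv4 allow-list
    return ip


def should_block(ip):
    """True unless the address falls inside an allow-listed network."""
    return not any(ip.version == net.version and ip in net
                   for net in NEVER_BLOCK)


def pfctl_argv(ip, table=TABLE):
    """Argument vector for pfctl; no shell is used, nothing is interpolated."""
    return [PFCTL, "-t", table, "-T", "add", str(ip)]


def handle(peer_addr, run=subprocess.run):
    """Process one peer; return the argv executed, or None if skipped."""
    ip = normalise(peer_addr)
    if ip is None or not should_block(ip):
        return None
    argv = pfctl_argv(ip)
    run(argv, check=False, stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
    return argv


if __name__ == "__main__":
    # inetd (nowait) passes the accepted connection as file descriptor 0.
    conn = socket.socket(fileno=sys.stdin.fileno())
    handle(conn.getpeername()[0])
    conn.close()
```

The handler needs enough privilege to run pfctl, which is why the address is validated and passed as a separate argument rather than through a shell.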