> From: Brian R. Watters
> Sent: Tuesday, January 18, 2011 1:14 PM
> To: Dorn Hetzel
> Cc: [email protected]
> Subject: Re: Auto ACL blocker
>
> Agreed, time to live in the ACL is critical as well .. this is primary
> to be used to stop sweeps and penetration testing .. We have SNORT
> deployed now but the process is still manual on the back end and of
> course does not respond in the time required.
I suppose you could use tcp wrappers to be creative and launch netcat to "bend"
the connection right back to the originator so they spend all their time
hacking themselves.
