> Every deny spawns my script, my script determines if it's a true attack and > can take counter measures like email me and then shutdown the firewall > etc.etc..
=> DOS while true;do send_data_which_will_run_your_script;done; should run _many_ scripts, if not, it could be parallelized. > Other ways is to run snort or portsentry and others.. I'm happy with my > script.. it's activated once only because I forgot to allow my VPN user to > get through... ;) Oops.. Blocked him for a while.. portsentry, which blocks ips => DOS for a in `seq 1 1000`;do send_data_which_will_trigger_postsentry_from_spoofed_ips;done; where spoofed ips are google.com etc, it may include ips from your network. -- Martin Tomasek, [EMAIL PROTECTED] BOFH excuse #49: Bogon emissions
msg04649/pgp00000.pgp
Description: PGP signature
