I thought iptables and linux could block spoofed ips anyway.. this is a last resort..
thanks, George Vieira Systems Manager Citadel Computer Systems P/L http://www.citadelcomputer.com.au -----Original Message----- From: Martin Tomasek [mailto:[EMAIL PROTECTED]] Sent: Monday, 08 July 2002 9:20 AM To: [EMAIL PROTECTED] Subject: Re: hosts.deny > Every deny spawns my script, my script determines if it's a true attack and > can take counter measures like email me and then shutdown the firewall > etc.etc.. => DOS while true;do send_data_which_will_run_your_script;done; should run _many_ scripts, if not, it could be parallelized. > Other ways is to run snort or portsentry and others.. I'm happy with my > script.. it's activated once only because I forgot to allow my VPN user to > get through... ;) Oops.. Blocked him for a while.. portsentry, which blocks ips => DOS for a in `seq 1 1000`;do send_data_which_will_trigger_postsentry_from_spoofed_ips;done; where spoofed ips are google.com etc, it may include ips from your network. -- Martin Tomasek, [EMAIL PROTECTED] BOFH excuse #49: Bogon emissions
