[ previous ] [ next ] [ threads ]
 From:  Daniele Guazzoni <daniele dot guazzoni at gcomm dot ch>
 To:  "m0n0wall at lists dot m0n0 dot ch" <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] Latest virus kills m0n0wall
 Date:  Sun, 12 Aug 2007 09:52:15 +0200
Now seriously, no joke anymore.
The (technical) viable way I see without having a crew looking at the logs is some sort of IDS/IPS.
Ideally the IDS/IPS would blacklist the source IP by injecting drop rules in m0n0wall.

Pfsense has a snort-inline add-on doing exactly that. 
I'm not aware of any snort + m0n0wall setup yet so maybe someone here can give you some useful


This message has been scanned for viruses and
dangerous content by MailGate, and is
believed to be clean.