Daniele Guazzoni wrote:
> Now seriously, no joke anymore.
> The (technical) viable way I see without having a crew looking at the
> logs is some sort of IDS/IPS.
> Ideally the IDS/IPS would blacklist the source IP by injecting drop
> rules in m0n0wall.
> Pfsense has a snort-inline add-on doing exactly that. I'm not aware of
> any snort + m0n0wall setup yet so maybe someone here can give you some
> useful hints.
The source IP is internal though.