[ previous ] [ next ] [ threads ]
 
 From:  Mike <lists at southwestech dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Latest virus kills m0n0wall
 Date:  Sun, 12 Aug 2007 02:59:24 -0600
Daniele Guazzoni wrote:
> Now seriously, no joke anymore.
> The (technical) viable way I see without having a crew looking at the 
> logs is some sort of IDS/IPS.
> Ideally the IDS/IPS would blacklist the source IP by injecting drop 
> rules in m0n0wall.
> 
> Pfsense has a snort-inline add-on doing exactly that. I'm not aware of 
> any snort + m0n0wall setup yet so maybe someone here can give you some 
> useful hints.
> 
> Daniele
> 

The source IP is internal though.