[ previous ] [ next ] [ threads ]
 From:  Daniele Guazzoni <daniele dot guazzoni at gcomm dot ch>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Latest virus kills m0n0wall
 Date:  Sun, 12 Aug 2007 11:04:54 +0200
So what...
In this case is "protecting the internet from user attacks".
And protecting the state table of m0n0wall :-)

Mike wrote:
> Daniele Guazzoni wrote:
>> Now seriously, no joke anymore.
>> The (technical) viable way I see without having a crew looking at the 
>> logs is some sort of IDS/IPS.
>> Ideally the IDS/IPS would blacklist the source IP by injecting drop 
>> rules in m0n0wall.
>> Pfsense has a snort-inline add-on doing exactly that. I'm not aware of 
>> any snort + m0n0wall setup yet so maybe someone here can give you some 
>> useful hints.
>> Daniele
> The source IP is internal though.
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch

This message has been scanned for viruses and
dangerous content by MailGate, and is
believed to be clean.