[ previous ] [ next ] [ threads ]
 From:  Michael Brown <knightmb at knightmb dot dyndns dot org>
 To:  Monowall User List <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] automatic change of ip when possible hacker...
 Date:  Sat, 19 Jan 2008 19:15:22 -0600
Perhaps technically after some modification you could, but it still 
won't solve your problem of would be crackers polling which ports are 
open. The m0n0wall does it's job, it let's in the ports you want and 
blocks everything else. Those ports you let in and which 
computers/applications it goes to should be more of a concern than 
m0n0wall. If you have a locked down firewall that only allows port 80 in 
to your web server, then your web server is where things should be 
secured more than worrying about what they can do to m0n0wall. Crackers 
don't go into the wild polling around looking to see if it breaks in, 
they do all their stuff at home to find out the exploits and holes, then 
go searching out in the wild for those machines which to exploit. Short 
of them guessing your m0n0wall password or some unknown exploit in 
m0n0wall, you are certainly safe from them at least messing up your 
m0n0wall box.

Michel Servaes wrote:
> Hi,
> Would it be possible to change IP (automatically) when the firewall 
> notices a possible breach ?
> Today I noticed in my log, multiple tries to several ports (known to 
> be ports of other firewalls)... 3128, 8000, 8080, 8088, 8888   (they 
> all originate from the same ip)
> It would be nice that some kind of rule would detect this - and when 
> rechecking them (on the same ports he used, I came nowhere)... but 
> when checking pure on http, I arrived at a website asphost  (some 
> polish company).
> I immediately changed my MAC address, since this looked like a 
> possible hacker trying to enter... That way my ISP changes my IP as 
> well, but this sure would be a nifty way to avoid a hacker if this 
> action would take place automatically (obviously only for people with 
> a dynamic ip)
> Kind regards,
> Michel
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch