[ previous ] [ next ] [ threads ]
 From:  Lee Sharp <leesharp at hal dash pc dot org>
 To:  Monowall User List <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] automatic change of ip when possible hacker...
 Date:  Sun, 20 Jan 2008 12:29:35 -0600
Chris Buechler wrote:
> On Jan 19, 2008 7:09 PM, Christopher M. Iarocci <iarocci at eastendsc dot com> wrote:
>> Have faith in your firewall.  That is what it is there for.

> If you forced a MAC change to force an IP change every time somebody
> port scanned you, or threw something else bad at you, you'd be
> changing your IP hundreds of times a day. I guarantee your ISP would
> cut you off before long, and it's just silly anyway. Attempting to
> "run away" from attackers by changing IPs is pointless and
> impractical.

I agree with all this, but it did get me thinking.  I have a LOT of 
m0n0wall firewalls out there.  I would really like to see what is going 
on, and I would love to submit my findings to SNAS ISC Dshield.  This 
has come up from time to time, but never really gone anywhere as far as 
I can tell.  At least not what I need...  I need to pull from the WAN 
port, (About 40 or so) and we are a *nix shop.  And I want to submit to 
SANS, but I also want to easily be able to tell when one system is under 
attack more than usual.  Any ideas?