Chris Buechler wrote:
> On Jan 19, 2008 7:09 PM, Christopher M. Iarocci <iarocci at eastendsc dot com> wrote:
>> Have faith in your firewall. That is what it is there for.
> If you forced a MAC change to force an IP change every time somebody
> port scanned you, or threw something else bad at you, you'd be
> changing your IP hundreds of times a day. I guarantee your ISP would
> cut you off before long, and it's just silly anyway. Attempting to
> "run away" from attackers by changing IPs is pointless and
I agree with all this, but it did get me thinking. I have a LOT of
m0n0wall firewalls out there. I would really like to see what is going
on, and I would love to submit my findings to SNAS ISC Dshield. This
has come up from time to time, but never really gone anywhere as far as
I can tell. At least not what I need... I need to pull from the WAN
port, (About 40 or so) and we are a *nix shop. And I want to submit to
SANS, but I also want to easily be able to tell when one system is under
attack more than usual. Any ideas?