Lee Sharp wrote:
> Chris Buechler wrote:
>> On Jan 19, 2008 7:09 PM, Christopher M. Iarocci
>> <iarocci at eastendsc dot com> wrote:
>>> Have faith in your firewall. That is what it is there for.
>
>> If you forced a MAC change to force an IP change every time somebody
>> port scanned you, or threw something else bad at you, you'd be
>> changing your IP hundreds of times a day. I guarantee your ISP would
>> cut you off before long, and it's just silly anyway. Attempting to
>> "run away" from attackers by changing IPs is pointless and
>> impractical.
>
> I agree with all this, but it did get me thinking. I have a LOT of
> m0n0wall firewalls out there. I would really like to see what is going
> on, and I would love to submit my findings to SANS ISC Dshield. This
> has come up from time to time, but never really gone anywhere as far as
> I can tell. At least not what I need... I need to pull from the WAN
> port, (About 40 or so) and we are a *nix shop. And I want to submit to
> SANS, but I also want to easily be able to tell when one system is under
> attack more than usual. Any ideas?

Forgot to include the link... I am getting old...

http://isc.sans.org/howto.html

Lee