Lee Sharp wrote:
> Chris Buechler wrote:
>> On Jan 19, 2008 7:09 PM, Christopher M. Iarocci
>> <iarocci at eastendsc dot com> wrote:
>>> Have faith in your firewall. That is what it is there for.
>> If you forced a MAC change to force an IP change every time somebody
>> port scanned you, or threw something else bad at you, you'd be
>> changing your IP hundreds of times a day. I guarantee your ISP would
>> cut you off before long, and it's just silly anyway. Attempting to
>> "run away" from attackers by changing IPs is pointless and
> I agree with all this, but it did get me thinking. I have a LOT of
> m0n0wall firewalls out there. I would really like to see what is going
> on, and I would love to submit my findings to SNAS ISC Dshield. This
> has come up from time to time, but never really gone anywhere as far as
> I can tell. At least not what I need... I need to pull from the WAN
> port, (About 40 or so) and we are a *nix shop. And I want to submit to
> SANS, but I also want to easily be able to tell when one system is under
> attack more than usual. Any ideas?
Forgot to include the link... I am getting old...