[ previous ] [ next ] [ threads ]
 
 From:  Michel Servaes <michel at mcmc dot be>
 To:  Monowall User List <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] automatic change of ip when possible hacker...
 Date:  Mon, 21 Jan 2008 09:25:02 +0100 
that indeed would be a far much better approach...
isn't that what IDS is about ?

Dennis Karlsson schreef:
> Wouldn't it be better if the firewall blocked all requests from that 
> IP for X minutes instead?
>
>
> Michel Servaes wrote:
>> Hi,
>>
>> Would it be possible to change IP (automatically) when the firewall 
>> notices a possible breach ?
>> Today I noticed in my log, multiple tries to several ports (known to 
>> be ports of other firewalls)... 3128, 8000, 8080, 8088, 8888   (they 
>> all originate from the same ip)
>>
>> It would be nice that some kind of rule would detect this - and when 
>> rechecking them (on the same ports he used, I came nowhere)... but 
>> when checking pure on http, I arrived at a website asphost  (some 
>> polish company).
>>
>> I immediately changed my MAC address, since this looked like a 
>> possible hacker trying to enter... That way my ISP changes my IP as 
>> well, but this sure would be a nifty way to avoid a hacker if this 
>> action would take place automatically (obviously only for people with 
>> a dynamic ip)
>>
>> Kind regards,
>> Michel
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
>> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
>