[ previous ] [ next ] [ threads ]
 From:  Dennis Karlsson <dennis at denniskarlsson dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] automatic change of ip when possible hacker...
 Date:  Mon, 21 Jan 2008 01:26:58 +0100
Wouldn't it be better if the firewall blocked all requests from that IP 
for X minutes instead?

Michel Servaes wrote:
> Hi,
> Would it be possible to change IP (automatically) when the firewall 
> notices a possible breach ?
> Today I noticed in my log, multiple tries to several ports (known to be 
> ports of other firewalls)... 3128, 8000, 8080, 8088, 8888   (they all 
> originate from the same ip)
> It would be nice that some kind of rule would detect this - and when 
> rechecking them (on the same ports he used, I came nowhere)... but when 
> checking pure on http, I arrived at a website asphost  (some polish 
> company).
> I immediately changed my MAC address, since this looked like a possible 
> hacker trying to enter... That way my ISP changes my IP as well, but 
> this sure would be a nifty way to avoid a hacker if this action would 
> take place automatically (obviously only for people with a dynamic ip)
> Kind regards,
> Michel
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch