I don't see the initial problem? Is port probing an issue at all? The
firewall does its job.
Harald Sauff wrote:
> That would be very risky. IP spoofing is nothing new, and especially for
> UDP it's very easy. Would be pretty bad when your m0n0wall suddenly
> blocks all responses from your DNS server because someone spoofed its
> address... Gives a nice Denial of Service attack.
> And about IDS:
> It's "Intrusion *Detection* System", it doesn't necessarily *do*
> anything but report about the incident. If it *does* something when
> detecting an attack it would be an intrusion prevention system or an
> intrusion reaction system.
> Michel Servaes wrote:
>> that indeed would be a far better approach...
>> isn't that what IDS is about ?
>> Dennis Karlsson wrote:
>>> Wouldn't it be better if the firewall blocked all requests from that
>>> IP for X minutes instead?
>>> Michel Servaes wrote:
>>>> Would it be possible to change IP (automatically) when the firewall
>>>> notices a possible breach ?
>>>> Today I noticed in my log, multiple tries to several ports (known to
>>>> be ports of other firewalls)... 3128, 8000, 8080, 8088, 8888 (they
>>>> all originate from the same ip)
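The thread above weighs an automatic "block the prober for X minutes" rule against the spoofing risk Harald raises. The Python below is an added example, not m0n0wall code and not something any participant posted: it scans constructed firewall log lines (the line format is invented for this example and is not m0n0wall's log syntax), counts the distinct TCP ports each source address has probed inside a sliding window, and blocks a source only once it crosses a threshold, and then only for a bounded time. Two caveats from the thread are built in: addresses on a protected list (the DNS server from Harald's scenario, here the assumed address 192.0.2.53) are never auto-blocked, and UDP entries are not counted at all because a UDP source address proves nothing. Blind TCP SYN spoofing is harder than UDP spoofing but still possible, which is why the block expires and the protected list exists. All addresses are from the documentation ranges; the ports are the ones Michel saw.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed log format for this example (NOT m0n0wall's real log syntax):
#   <date> <time> <action> <proto> <src>:<sport> -> <dst>:<dport>
LOG_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
    r"(?P<action>block|pass) (?P<proto>tcp|udp) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+)$"
)

def at(ts_text):
    """Parse a timestamp in the constructed log format."""
    return datetime.strptime(ts_text, "%Y-%m-%d %H:%M:%S")

def parse_line(line):
    """Return a dict for one log line, or None if it does not match the format."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    return {"ts": at(m["ts"]), "action": m["action"], "proto": m["proto"],
            "src": m["src"], "dport": int(m["dport"])}

class ProbeBlocker:
    """Temporary auto-block of sources that probe many distinct TCP ports."""

    def __init__(self, threshold=5, window=timedelta(minutes=5),
                 block_for=timedelta(minutes=30), protected=()):
        self.threshold = threshold        # distinct ports that trigger a block
        self.window = window              # sliding window for counting probes
        self.block_for = block_for        # bounded block duration (the "X minutes")
        self.protected = set(protected)   # hosts we depend on; never auto-blocked
        self.recent = defaultdict(deque)  # src -> deque of (timestamp, dport)
        self.blocked_until = {}           # src -> expiry time of its block

    def is_blocked(self, src, now):
        until = self.blocked_until.get(src)
        if until is None:
            return False
        if now >= until:                  # block has expired; forget it
            del self.blocked_until[src]
            return False
        return True

    def observe(self, ev):
        """Feed one parsed log event; return the decision taken for it."""
        src, now = ev["src"], ev["ts"]
        if ev["action"] != "block":
            return "ignored"              # traffic that passed is not a probe
        if self.is_blocked(src, now):
            return "already-blocked"
        if src in self.protected:
            return "protected"            # spoofed or not, never cut off e.g. DNS
        if ev["proto"] != "tcp":
            return "udp-not-counted"      # UDP source is trivially spoofable: log only
        q = self.recent[src]
        q.append((now, ev["dport"]))
        while q and now - q[0][0] > self.window:
            q.popleft()                   # drop probes older than the window
        if len({port for _, port in q}) >= self.threshold:
            self.blocked_until[src] = now + self.block_for
            q.clear()
            return "blocked"
        return "counted"

def run(lines, blocker):
    """Replay log lines through a blocker; returns (src, decision) per parsed line."""
    return [(ev["src"], blocker.observe(ev))
            for ev in map(parse_line, lines) if ev]

# Constructed sample log: a proxy-port scan like the one in the thread, then a
# UDP burst spoofed to look like it came from the DNS server, then plain UDP noise.
LOG_LINES = [
    "2007-03-05 10:21:03 block tcp 203.0.113.7:41210 -> 192.0.2.1:3128",
    "2007-03-05 10:21:04 block tcp 203.0.113.7:41211 -> 192.0.2.1:8000",
    "2007-03-05 10:21:04 block tcp 203.0.113.7:41212 -> 192.0.2.1:8080",
    "2007-03-05 10:21:05 block tcp 203.0.113.7:41213 -> 192.0.2.1:8088",
    "2007-03-05 10:21:05 block tcp 203.0.113.7:41214 -> 192.0.2.1:8888",
    "2007-03-05 10:21:06 block tcp 203.0.113.7:41215 -> 192.0.2.1:22",
    "2007-03-05 10:22:00 block udp 192.0.2.53:53 -> 192.0.2.1:3128",
    "2007-03-05 10:22:00 block udp 192.0.2.53:53 -> 192.0.2.1:8000",
    "2007-03-05 10:22:30 block udp 198.51.100.9:4000 -> 192.0.2.1:3128",
    "2007-03-05 10:22:31 block udp 198.51.100.9:4001 -> 192.0.2.1:8080",
    "2007-03-05 10:23:00 pass tcp 198.51.100.9:4002 -> 192.0.2.1:443",
]

if __name__ == "__main__":
    blocker = ProbeBlocker(protected={"192.0.2.53"})
    for src, decision in run(LOG_LINES, blocker):
        print(f"{src:15} {decision}")
```

The fifth distinct port from 203.0.113.7 triggers a 30-minute block; the spoofed UDP lines from the DNS server's address are reported but never acted on, so the denial-of-service Harald describes cannot be triggered by forging that address. Tune `threshold`, `window` and `block_for` to the noise level of the link, and keep `block_for` short enough that a successful spoof of an unprotected address is an inconvenience rather than an outage.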