[ previous ] [ next ] [ threads ]
 From:  Dennis Karlsson <dennis at denniskarlsson dot com>
 To:  Harald Sauff <harald dot sauff at tu dash harburg dot de>
 Cc:  Monowall User List <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] automatic change of ip when possible hacker...
 Date:  Mon, 21 Jan 2008 19:10:31 +0100
That's true.

I don't see the initial problem? Is port probing an issue at all? The 
firewall does it's job.

Harald Sauff wrote:
> That would be very risky. IP spoofing is nothing new, and especially for 
> UDP it's very easy. Would be pretty bad when your m0n0wall suddenly 
> blocks all responses from your DNS server because someone spoofed its 
> address... Gives a nice Denial of Service attack.
> And about IDS:
> It's "Intrusion *Detection* System", it doesn't necessarily *do* 
> anything but report about the incident. If it *does* something when 
> detecting an attack it would be an intrusion prevention system or an 
> intrusion reaction system.
> greetings,
>  Harry
> Michel Servaes wrote:
>> that indeed would be a far much better approach...
>> isn't that what IDS is about ?
>> Dennis Karlsson schreef:
>>> Wouldn't it be better if the firewall blocked all requests from that 
>>> IP for X minutes instead?
>>> Michel Servaes wrote:
>>>> Hi,
>>>> Would it be possible to change IP (automatically) when the firewall 
>>>> notices a possible breach ?
>>>> Today I noticed in my log, multiple tries to several ports (known to 
>>>> be ports of other firewalls)... 3128, 8000, 8080, 8088, 8888   (they 
>>>> all originate from the same ip)