That would be very risky. IP spoofing is nothing new, and especially for
UDP it's very easy. It would be pretty bad if your m0n0wall suddenly
blocked all responses from your DNS server because someone spoofed its
address... Gives a nice Denial of Service attack.
And about IDS:
It's "Intrusion *Detection* System"; it doesn't necessarily *do*
anything but report the incident. If it *does* something when
detecting an attack, it would be an intrusion prevention system or an
intrusion reaction system.
Michel Servaes wrote:
> that indeed would be a far better approach...
> isn't that what IDS is about?
> Dennis Karlsson wrote:
>> Wouldn't it be better if the firewall blocked all requests from that
>> IP for X minutes instead?
>> Michel Servaes wrote:
>>> Would it be possible to change IP (automatically) when the firewall
>>> notices a possible breach?
>>> Today I noticed in my log multiple tries to several ports (known to
>>> be ports of other firewalls)... 3128, 8000, 8080, 8088, 8888 (they
>>> all originate from the same IP).
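The failure mode described at the top of this message, as an added simulation that is not m0n0wall code: a reactive "block the probing source for X minutes" policy replayed against a constructed trace in which one UDP probe carries a spoofed source address equal to the site's own resolver. The naive policy blocks the resolver and then drops its legitimate DNS reply; the hardened variant never auto-blocks addresses the site depends on and only reacts to sources that completed a TCP handshake, since a bare UDP datagram or a lone SYN says nothing reliable about where it came from. The addresses, the ten-minute block time and the `Packet` fields are assumptions; the port list is the one from the original message.

```python
"""Simulation of a reactive auto-block firewall policy and of the
spoofing problem raised in this thread. Added example, not m0n0wall
code; addresses, timings and packets are constructed for illustration."""
from dataclasses import dataclass

# Ports the original poster saw being probed.
PROBED_PORTS = {3128, 8000, 8080, 8088, 8888}
BLOCK_SECONDS = 600  # "X minutes" from the proposal; 10 minutes assumed here

# Constructed addresses (RFC 5737 documentation ranges).
RESOLVER = "192.0.2.53"     # the site's own DNS server
ATTACKER = "198.51.100.7"   # the real source of the probes


@dataclass
class Packet:
    src: str                      # claimed source address (spoofable for UDP)
    dst_port: int
    proto: str                    # "udp" or "tcp"
    t: float                      # arrival time in seconds
    tcp_established: bool = False  # True only if a 3-way handshake completed


class NaiveAutoBlocker:
    """Blocks any source that touches a suspicious port, as proposed.

    accept() returns whether the reactive layer lets the packet continue
    to the normal rule set; False means it is dropped here."""

    def __init__(self) -> None:
        self.blocked_until: dict[str, float] = {}

    def accept(self, pkt: Packet) -> bool:
        until = self.blocked_until.get(pkt.src)
        if until is not None and pkt.t < until:
            return False                      # source currently blocked
        if pkt.dst_port in PROBED_PORTS:
            self.blocked_until[pkt.src] = pkt.t + BLOCK_SECONDS
            return False                      # block on first probe
        return True


class HardenedAutoBlocker(NaiveAutoBlocker):
    """Same idea with two mitigations: an allowlist of infrastructure that
    must never be auto-blocked, and blocking only on sources that proved
    themselves via a completed TCP handshake (not blind-spoofable in
    practice, unlike a UDP datagram or a single SYN)."""

    def __init__(self, never_block: set[str]) -> None:
        super().__init__()
        self.never_block = never_block

    def accept(self, pkt: Packet) -> bool:
        if pkt.src in self.never_block:
            return True                       # leave it to the static rules
        until = self.blocked_until.get(pkt.src)
        if until is not None and pkt.t < until:
            return False
        if (pkt.dst_port in PROBED_PORTS and pkt.proto == "tcp"
                and pkt.tcp_established):
            self.blocked_until[pkt.src] = pkt.t + BLOCK_SECONDS
            return False
        return True


def run_scenario(fw: NaiveAutoBlocker) -> dict[str, bool]:
    """Replay a constructed trace: a UDP probe with the resolver's address
    spoofed as source, a genuine TCP probe from the attacker, and then a
    legitimate DNS reply from the real resolver to an ephemeral port."""
    spoofed_probe = Packet(src=RESOLVER, dst_port=8080, proto="udp", t=0.0)
    real_probe = Packet(src=ATTACKER, dst_port=8080, proto="tcp", t=1.0,
                        tcp_established=True)
    dns_reply = Packet(src=RESOLVER, dst_port=41234, proto="udp", t=2.0)
    return {
        "spoofed_probe_accepted": fw.accept(spoofed_probe),
        "real_probe_accepted": fw.accept(real_probe),
        "dns_reply_accepted": fw.accept(dns_reply),
    }


if __name__ == "__main__":
    print("naive   :", run_scenario(NaiveAutoBlocker()))
    print("hardened:", run_scenario(HardenedAutoBlocker({RESOLVER})))
```

With the naive policy the third line of the trace, the resolver's real DNS reply, is dropped: the attacker has cut the site off from its own DNS with a single forged datagram. The hardened policy still blocks the attacker's genuine, handshake-confirmed probe but never touches the resolver. An allowlist of the gateway, resolvers and monitoring hosts is the minimum before any automatic reaction is switched on.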