Two questions/proposals for the netfilter core developers
s I n
Thu, 25 Oct 2001 22:32:36 +0300 (EEST)
> > The string match option was just an example. The idea was to match
> > something (like a portscan) and then dynamically drop new connections
> > from the host that made the portscan, and so avoid another portscan or
> > an attack from that host. This kind of new target would be useful if you
> > have a machine and don't have time to check the logs for clues about
> > portscans and then to find the IP from where the portscan came and then to
> > add a rule to the iptables that drops connections from that IP.
> Oh. IIRC, hogwash does that.
Yes. I am aware of hogwash's capabilities, but I was wondering if this
could be done in netfilter directly. I believe it is simpler to do this in
kernel space rather than to use a third-party program to achieve the same
> Unfortunately the URL is missing from my brain right now, so you'll
> have to do a search (Google).
> > I hope now I made myself understood.
> > Regards,
> > Patrascu Eugeniu.
> Brad Chapman
> Permanent e-mail: firstname.lastname@example.org
> Current e-mail: email@example.com
> Alternate e-mail: firstname.lastname@example.org
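
The manual steps described in the quoted message (check the logs for portscan clues, find the source IP, add an iptables rule that drops its connections), sketched as an added example that is not part of the original thread. It assumes packets are logged by the iptables LOG target and treats a source that touches at least 5 distinct ports as a scan; the threshold, the function names and the log lines are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Fields as written by the iptables LOG target (SRC=, PROTO=, DPT=).
LOG_RE = re.compile(r"\bSRC=(\S+).*?\bPROTO=(TCP|UDP)\b.*?\bDPT=(\d+)")

def make_line(src, dpt):
    """Build one constructed log line; not captured from a real host."""
    return (f"Oct 25 22:30:01 fw kernel: NEW: IN=eth0 OUT= SRC={src} "
            f"DST=198.51.100.5 LEN=60 TTL=52 PROTO=TCP SPT=40000 DPT={dpt} SYN")

SAMPLE_LOG = (
    [make_line("192.0.2.77", p) for p in (21, 22, 23, 25, 80, 110)]  # scan-like
    + [make_line("203.0.113.9", 80)] * 3                             # normal client
    + ["Oct 25 22:30:02 fw kernel: eth0: link up"]                   # unrelated line
)

def find_scanners(lines, threshold=5):
    """Return IPv4 sources that touched at least `threshold` distinct ports."""
    ports = defaultdict(set)
    for line in lines:
        m = LOG_RE.search(line)
        if not m:
            continue
        try:
            src = ipaddress.IPv4Address(m.group(1))  # reject malformed addresses
        except ValueError:
            continue
        ports[src].add((m.group(2), int(m.group(3))))
    return sorted(str(s) for s, seen in ports.items() if len(seen) >= threshold)

def drop_rules(sources, allowlist=()):
    """Render one rule per source that drops NEW connections from it.

    Scan packets can carry forged source addresses, so hosts that must
    never be blocked go in `allowlist`.
    """
    return [f"iptables -I INPUT -s {s} -m state --state NEW -j DROP"
            for s in sources if s not in allowlist]

if __name__ == "__main__":
    for rule in drop_rules(find_scanners(SAMPLE_LOG)):
        print(rule)
```

The rules are only rendered as text here, so they can be reviewed before anything is loaded into the running ruleset.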