Two questions/proposals for the netfilter core developers

s I n sin@Aniela.EU.ORG
Thu, 25 Oct 2001 22:32:36 +0300 (EEST)


> > The string match option was just an example. The idea was to match
> > something (like a portscan) and then dynamically drop new connections
> > from the host that made the portscan, and so avoid another portscan or
> > an attack from that host. This kind of new target would be useful if you
> > have a machine and don't have time to check the logs for clues about
> > portscans and then to find the IP from where the portscan came and then to
> > add a rule to the iptables that drops connections from that IP.
>
> 	Oh. IIRC, hogwash does that.
>

Yes. I am aware of hogwash's capabilities, but I was wondering if this
could be done in netfilter directly. I believe it is simpler to do this in
kernel space rather than to use a third-party program to achieve the same
thing.

> 	Unfortunately the URL is missing from my brain right now, so you'll
> have to do a search (Google).
>
> >
> > I hope now I made myself understood.
> >
> >
> > Regards,
> >
> > 	Patrascu Eugeniu.
> >
>
> Brad
>
>
> =====
> Brad Chapman
>
> Permanent e-mail: kakadu_croc@yahoo.com
> Current e-mail: kakadu@adelphia.net
> Alternate e-mail: kakadu@netscape.net
>