10 Oct 2001 06:45:06 -0700
"Richard La Bella" <email@example.com> writes:
> Does anyone know of a way (perhaps a script) that can kill outbound
> connections from the private LAN to the Internet after a set period based on
> tcp -syn, session state, time, etc. I run a honeynet and need to be sure
> that systems exploited from the inside cannot be used to DOS or attack
> systems on the outside.
If you poke around at the Honeynet site you can find the scripts that
they use for rate-limiting and notification. You can use the limit
module to control how many outbound connections are allowed, but I am
not familiar with any way to time out a connection. I would be more
worried about a compromised host scanning or DoSing.
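
The limit-module approach mentioned in the reply, as an added example (not part of the original message and not the Honeynet Project's own script): a gateway rule set that caps new outbound connections from the honeynet and logs, then drops, the excess. The interface names, subnet, rates, chain name and log prefix are constructed assumptions.

```shell
#!/bin/sh
# Added example: cap NEW outbound connections from a honeynet with the
# iptables limit match. All values below are constructed placeholders.

IPT="${IPT:-echo iptables}"          # dry run by default; IPT=iptables (as root) applies
LAN_IF="${LAN_IF:-eth1}"             # honeynet-facing interface (assumed name)
WAN_IF="${WAN_IF:-eth0}"             # Internet-facing interface (assumed name)
HONEYNET="${HONEYNET:-192.0.2.0/24}" # documentation range used as a stand-in
TCP_RATE="${TCP_RATE:-9/hour}"
UDP_RATE="${UDP_RATE:-20/hour}"
ICMP_RATE="${ICMP_RATE:-50/hour}"

# Strip the "/unit" suffix so the burst equals the hourly budget.
burst() { echo "${1%%/*}"; }

honeynet_egress_rules() {
    # $IPT is left unquoted on purpose so "echo iptables" splits into words.
    $IPT -N HONEY_OUT

    # Replies and already-accepted flows pass; only NEW flows are budgeted.
    $IPT -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$HONEYNET" \
         -m state --state NEW -j HONEY_OUT

    # Accept new flows while the per-protocol token bucket has tokens.
    $IPT -A HONEY_OUT -p tcp --syn -m limit --limit "$TCP_RATE" \
         --limit-burst "$(burst "$TCP_RATE")" -j ACCEPT
    $IPT -A HONEY_OUT -p udp -m limit --limit "$UDP_RATE" \
         --limit-burst "$(burst "$UDP_RATE")" -j ACCEPT
    $IPT -A HONEY_OUT -p icmp -m limit --limit "$ICMP_RATE" \
         --limit-burst "$(burst "$ICMP_RATE")" -j ACCEPT

    # Over budget: log at a bounded rate (so a flood cannot fill the disk),
    # then drop. The log line is the notification hook.
    $IPT -A HONEY_OUT -m limit --limit 6/minute -j LOG \
         --log-prefix "honey_egress_drop:"
    $IPT -A HONEY_OUT -j DROP
}

honeynet_egress_rules
```

The limit match is one shared token bucket per rule, not per host, so a single honeypot can use the whole budget. As the reply says, it does not end a connection once accepted: established flows match the ESTABLISHED rule and are not time-limited.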