Date: Tue, 12 Mar 2002 23:49:53 +0100
From: Poul-Henning Kamp <phk@freebsd.org>
To: hackers@freebsd.org, security@freebsd.org
Subject: Userland Hacker Task: divert socket listener...
Message-ID: <35126.1015973393@critter.freebsd.dk>

Here is something I miss a lot:

I would like a small program which can listen to a specified divert(4) socket and act on the incoming packets.

Specifically I want to direct all unwanted traffic from my ipfw rules into the divert socket and have the program examine these packets and when configured thresholds were exceeded take actions like:

    Add a blackhole route for a period of time to the source IP to prevent any packets getting back to the attacker.

    Add a blocking ipfw rule for incoming traffic from the attackers IP# for some period of time.

    Add a divert ipfw rule for incoming traffic from the attackers IP# to capture all the tricks he is trying to do.

    Log the received packets in detail in pcap format files.

    Report the packets to Dshield.org etc.

Any takers?

--
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.
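One way to implement the "configured thresholds" step the message asks for, as an added example that is not part of the original post or of any FreeBSD code: it takes the raw IPv4 packet a divert(4) socket read returns, counts packets per source inside a time window, and tells the caller when to add a time-limited block. The names `ipv4_src` and `note_packet` and all four constants are assumptions; opening the divert socket and running the ipfw or route change are left to the caller.

```c
#include <stdint.h>
#include <string.h>
#include <time.h>

#define MAX_SRC   256  /* tracked sources (assumed) */
#define THRESHOLD 3    /* packets per WINDOW before acting (assumed) */
#define WINDOW    60   /* counting window in seconds (assumed) */
#define BLOCK_FOR 600  /* lifetime of a block in seconds (assumed) */

struct src { uint32_t ip; unsigned count; time_t first, blocked_until; };
static struct src table[MAX_SRC];

/* Copy the IPv4 source address (network byte order) out of a raw packet as a
 * divert(4) socket delivers it. Returns -1 if the header is not sane IPv4. */
int ipv4_src(const uint8_t *pkt, size_t len, uint32_t *src)
{
    if (len < 20 || (pkt[0] >> 4) != 4) return -1;
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;
    if (ihl < 20 || ihl > len) return -1;
    memcpy(src, pkt + 12, 4);
    return 0;
}

/* Account one unwanted packet seen at `now`. Returns 1 when it pushes the
 * source over THRESHOLD (caller adds the timed rule or route), 0 when no new
 * action is needed, -1 for a malformed packet or a full table. */
int note_packet(const uint8_t *pkt, size_t len, time_t now)
{
    uint32_t ip;
    struct src *s = NULL, *spare = NULL;
    if (ipv4_src(pkt, len, &ip) != 0) return -1;
    for (size_t i = 0; i < MAX_SRC && !s; i++) {
        struct src *e = &table[i];
        if (e->count && e->ip == ip) s = e;
        else if (!spare && (!e->count ||
                 (now - e->first > WINDOW && now >= e->blocked_until)))
            spare = e;               /* empty, or window and block both lapsed */
    }
    if (!s) {
        if (!spare) return -1;
        s = spare;
        *s = (struct src){ .ip = ip, .first = now };
    }
    if (now < s->blocked_until) return 0;      /* block still in force */
    if (now - s->first > WINDOW) { s->count = 0; s->first = now; }
    if (++s->count < THRESHOLD) return 0;
    s->blocked_until = now + BLOCK_FOR;        /* expires without a cleanup pass */
    return 1;
}
```

Because the expiry time is stored with the entry, the caller can remove the matching ipfw rule or route once `blocked_until` has passed instead of keeping a separate timer list.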