Preston Crawford <me@xxxxxxxxxxxxxxxxxxx> wrote:
> I have a firewall router

<OT-Comment>
Is it a "Router" or a 'Ritter?
http://thebs413.blogspot.com/2005/07/ritters-because-most-natpat-devices.html
</OT-Comment>

> and I run a firewall on CentOS as well.

Does either have an intrusion detection system (IDS) or some other form of real-time packet and/or non-real-time log analysis?

> I guess it's one of those things where I'm sick of seeing it
> come up in my security log, so I'd like to start sending
> email to the ISPs to tell them to do their job and enforce
> their rules for all the Windoze users out there.

Well, most ISPs already have thin margins to work on. But yes, the larger providers should be contacted, especially when a major block of theirs is infected.

> But I don't want to take the time to do it manually. Any
> suggestions?

I already saw someone mention DShield.ORG, which seems to be the most popular right now.

On more corporate networks with unused IPs, I like to use various port fakers that accept a SYN, but don't accept their ACK. That keeps the zombies tied up and busy, exponentially reducing the number of hosts they can attack.

--
Bryan J. Smith mailto:b.j.smith@xxxxxxxx
Sent from Yahoo Mail (please excuse any missing headers)
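On the question of not compiling reports by hand, here is an added example (not part of the original message) that groups dropped-packet log entries by source address into one summary line per source, ready to paste into an abuse report. It assumes the firewall writes netfilter LOG-style `KEY=value` lines to syslog; the sample lines are constructed, the function names are hypothetical, and looking up the ISP's abuse contact is left out.

```python
import re
from collections import defaultdict

# Constructed sample lines in the netfilter LOG format (documentation IP ranges).
SAMPLE_LOG = """\
Jul 12 03:14:07 gw kernel: DROP IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=48 TTL=113 PROTO=TCP SPT=4021 DPT=445 SYN
Jul 12 03:14:09 gw kernel: DROP IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=48 TTL=113 PROTO=TCP SPT=4022 DPT=139 SYN
Jul 12 03:15:30 gw kernel: DROP IN=eth0 OUT= SRC=203.0.113.77 DST=198.51.100.5 LEN=404 TTL=50 PROTO=UDP SPT=1033 DPT=1434
Jul 12 03:16:02 gw kernel: DROP IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.6 LEN=48 TTL=113 PROTO=TCP SPT=4030 DPT=445 SYN
Jul 12 03:16:40 gw sshd[811]: Accepted publickey for admin
"""

def parse_line(line):
    """Return a dict for a netfilter LOG line, or None for any other syslog line."""
    if "kernel:" not in line:
        return None
    fields = dict(re.findall(r"\b([A-Z]+)=(\S*)", line))
    if "SRC" not in fields or "PROTO" not in fields:
        return None
    # ICMP entries carry no DPT, so fall back to "-" for the port.
    return {"ts": line[:15], "src": fields["SRC"], "dst": fields.get("DST", "-"),
            "proto": fields["PROTO"], "dpt": fields.get("DPT", "-")}

def summarise(log_text, min_hits=2):
    """Group dropped packets by source; keep sources with at least min_hits entries."""
    by_src = defaultdict(lambda: {"hits": 0, "first": None, "last": None,
                                  "ports": set(), "targets": set()})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        s = by_src[rec["src"]]
        s["hits"] += 1
        s["first"] = s["first"] or rec["ts"]   # syslog is chronological
        s["last"] = rec["ts"]
        s["ports"].add(f'{rec["proto"]}/{rec["dpt"]}')
        s["targets"].add(rec["dst"])
    return {src: s for src, s in by_src.items() if s["hits"] >= min_hits}

def format_report(src, s):
    """One summary line per source, suitable as the body of an abuse report."""
    return (f"Source {src}: {s['hits']} dropped packets between {s['first']} and "
            f"{s['last']} (local time) to {len(s['targets'])} of our addresses, "
            f"ports {', '.join(sorted(s['ports']))}")

if __name__ == "__main__":
    for src, stats in summarise(SAMPLE_LOG).items():
        print(format_report(src, stats))
```

Raising `min_hits` keeps one-off background noise out of the reports, so only sources that probe repeatedly are summarised.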