> > I left my computer for an hour and I was surprised to see that the
> > connection was still on! I thought that one of my processes was using
> > the connection so I did a quick dump of ppp0. I was surprised to see
> > that some script kiddy was looking at my netbios port!
> >
> > Now I have been thinking of ways to prevent this silliness from
> > shutting down my connection within 3mn. If I firewall these incoming
> > packets I believe that it won't help me. The blocked packet will still
> > traverse the ppp link. So it will still be seen as "activity" to the
> > ppp daemon. Correct me if I am mistaken.

I'm no expert but the way I would go about this is to log established
outgoing connections, then have a perl script analyze this log if the
last entry is less than x minutes old and there is no existing connection
then kill your ppp daemon. Now those script kiddies are probably nimda
worms which seem to be everywhere. It shouldn't be hard you may even be
able to do a cat /var/log/firewall | last | grep IN=eth0 .... Get my
drift ..
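
The log-watching idea from the reply above, sketched in shell as an added example that is not part of the original thread: only packets leaving through the WAN interface count as activity, so inbound NetBIOS probes never keep the link up. The netfilter LOG line format, the interface name ppp0, GNU date and all function names are assumptions; the sample log lines are constructed.

```bash
#!/usr/bin/env bash
# Added example. Assumed: netfilter LOG-style syslog lines, WAN interface
# ppp0, GNU date. All function names are hypothetical.
WAN_IF="${WAN_IF:-ppp0}"

# Constructed sample log: one forwarded LAN connection, then two inbound
# NetBIOS probes (documentation-range addresses).
write_sample_log() {
    cat > "$1" <<'EOF'
Jun 15 12:00:05 gw kernel: IN=eth0 OUT=ppp0 SRC=192.168.1.10 DST=198.51.100.7 PROTO=TCP SPT=1043 DPT=80 SYN
Jun 15 12:04:30 gw kernel: IN=ppp0 OUT= SRC=203.0.113.50 DST=192.0.2.20 PROTO=TCP SPT=3371 DPT=139 SYN
Jun 15 12:09:10 gw kernel: IN=ppp0 OUT= SRC=203.0.113.51 DST=192.0.2.20 PROTO=TCP SPT=4002 DPT=139 SYN
EOF
}

# Print the epoch time of the newest logged packet that LEFT via the WAN
# interface. Lines that arrived on the WAN interface are ignored on purpose.
last_outbound_epoch() {
    local logfile="$1" line stamp
    line=$(grep -E " OUT=${WAN_IF}( |\$)" "$logfile" \
             | grep -v " IN=${WAN_IF} " | tail -n 1)
    [ -n "$line" ] || return 1                     # no outbound traffic logged
    stamp=$(printf '%s\n' "$line" | cut -c1-15)    # syslog "Mon dd HH:MM:SS"
    date -d "$stamp" +%s                           # year defaults to current
}

# Exit status 0 means idle: no outbound packet within max_idle seconds.
# Arguments: log file, current time as epoch seconds, idle limit in seconds.
link_is_idle() {
    local logfile="$1" now="$2" max_idle="$3" last
    last=$(last_outbound_epoch "$logfile") || return 0
    [ $(( now - last )) -gt "$max_idle" ]
}
```

A periodic job would call link_is_idle with the current time and hang up the link when it succeeds; how the link is brought down is left to the local setup.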