On Fri, 10 Sep 2004 at 02:36, Khanh Tran wrote:
> How about port scanning clients behind the firewall? Suggestions?
> I'm thinking of something that could be scripted to append an iptables
> rule to block the MAC address of the offending client, then notify me.
> Am I looking at an NMAP plugin possibly?
>
>
> Khanh Tran
> Network Operations
> Sarah Lawrence College

You can look at snort+guardian to make this kind of rule, but bear in mind that they are easy to bypass, and there is also a real danger of a DoS if you don't have a list of IPs you never want to block, such as your DNS server, your own machines and so on.

--
Jose Maria Lopez Hernandez
Technical Director of bgSEC
jkerouac@xxxxxxxxx

bgSEC Security and IT Systems Consulting
http://www.bgsec.com
ESPAÑA

The only people for me are the mad ones -- the ones who are mad to live, mad to talk, mad to be saved, desirous of everything at the same time, the ones who never yawn or say a commonplace thing, but burn, burn, burn like fabulous yellow Roman candles. -- Jack Kerouac, "On the Road"
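The scripted response Khanh describes, guarded by the never-block list Jose Maria recommends, as an added example that is not part of the original thread: the alert format, ARP table and addresses are constructed for illustration, and the script only returns the iptables commands it would run rather than executing them.

```python
import ipaddress
import re

# Constructed alert lines in a simplified "portscan" format (not real Snort output).
ALERTS = [
    "2004-09-10 02:36:01 portscan src=192.168.1.77 ports=22,23,80,443,8080",
    "2004-09-10 02:36:05 portscan src=192.168.1.2 ports=53,80,443",
    "2004-09-10 02:36:09 portscan src=192.168.1.77 ports=21,25",
    "2004-09-10 02:36:12 portscan src=10.0.0.5 ports=135,139,445",
]

# Constructed ARP cache (IP -> MAC); a real script would read /proc/net/arp or `ip neigh`.
ARP_TABLE = {
    "192.168.1.77": "00:11:22:33:44:55",
    "192.168.1.2": "00:aa:bb:cc:dd:ee",
}

# Hosts that must never be blocked (the DNS server and the gateway in this constructed LAN).
NEVER_BLOCK = {ipaddress.ip_address("192.168.1.2"), ipaddress.ip_address("192.168.1.1")}

ALERT_RE = re.compile(r"portscan src=(?P<src>\d+\.\d+\.\d+\.\d+)")


def plan_blocks(alerts, arp_table, never_block):
    """Return (iptables commands to run, reasons for skipped alerts). Nothing is executed."""
    commands, skipped, seen = [], [], set()
    for line in alerts:
        m = ALERT_RE.search(line)
        if not m:
            continue
        src = ipaddress.ip_address(m.group("src"))
        if src in never_block:
            # The self-DoS guard: a spoofed or noisy alert must not lock out the DNS server.
            skipped.append(f"{src}: on never-block list")
            continue
        mac = arp_table.get(str(src))
        if mac is None:
            # Off-segment sources have no local MAC, so a MAC match could never fire.
            skipped.append(f"{src}: no ARP entry (not on local segment)")
            continue
        if mac in seen:
            continue  # one rule per MAC, however many alerts it generated
        seen.add(mac)
        # Matches frames from that MAC; only meaningful on the directly attached LAN.
        commands.append(f"iptables -I INPUT -m mac --mac-source {mac} -j DROP")
    return commands, skipped


if __name__ == "__main__":
    cmds, skips = plan_blocks(ALERTS, ARP_TABLE, NEVER_BLOCK)
    print("\n".join(cmds + skips))
```

Reviewing the skipped list before enabling automatic execution is the cheap way to catch an allowlist that is missing your own machines.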