Greetings!

On Mon, 30 Jun 2003 18:38:33 -0400 Phillip Hofmeister <[EMAIL PROTECTED]> wrote:
> This daemon
> would then parse the log and look for suspicious things. If it found
> something suspicious it would use regular expression to grab out
> pertinent parts of the log (say the IP address) and act on the log
> accordingly (in real time) by say dropping an IPTABLE rule down on the
> IP address.

...which is the official license to shoot yourself in the foot. What happens if I send you a forged, suspicious packet with source-IP equal to the IP address of your gateway router, your DNS server, your internal system(s), ...

Because of this reason automated systems did not get much acceptance as they were/are more a hassle than useful. Today there are only very few systems left that still implement some automated IP-killing scheme.

Bye

Volker Tanger
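An added example, not part of the message above or of the proposed daemon: a minimal sketch of the guard such a log-driven blocker needs, refusing to generate a DROP rule when the logged source address belongs to infrastructure that must stay reachable. The protected addresses, the `SRC=` log format and the sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re

# Assumed protected addresses (documentation and private ranges), not from the mail.
NEVER_BLOCK = [ipaddress.ip_network(n) for n in (
    "192.0.2.1/32",   # gateway router
    "192.0.2.53/32",  # DNS server
    "10.0.0.0/8",     # internal systems
    "127.0.0.0/8",    # loopback
)]

# Assumed netfilter-style log field carrying the packet's claimed source address.
SRC_RE = re.compile(r"\bSRC=(\d{1,3}(?:\.\d{1,3}){3})\b")

def source_ip(line):
    """Return the SRC= address of a log line as an IPv4Address, or None."""
    m = SRC_RE.search(line)
    if not m:
        return None
    try:
        return ipaddress.ip_address(m.group(1))
    except ValueError:  # e.g. an octet above 255
        return None

def decide(line):
    """Return ("block", rule) or ("skip", reason) for one suspicious log line."""
    ip = source_ip(line)
    if ip is None:
        return ("skip", "no valid source address")
    for net in NEVER_BLOCK:
        if ip in net:
            # The source field is attacker-controlled: never act on it here.
            return ("skip", f"{ip} is protected ({net})")
    # The rule is only returned as text; nothing is executed.
    return ("block", f"iptables -I INPUT -s {ip} -j DROP")

# Constructed sample log lines.
SAMPLE_LOG = [
    "Jun 30 18:40:01 fw kernel: SUSPICIOUS IN=eth0 SRC=198.51.100.23 DST=192.0.2.10 PROTO=TCP",
    "Jun 30 18:40:02 fw kernel: SUSPICIOUS IN=eth0 SRC=192.0.2.1 DST=192.0.2.10 PROTO=UDP",
    "Jun 30 18:40:03 fw kernel: SUSPICIOUS IN=eth0 SRC=192.0.2.53 DST=192.0.2.10 PROTO=UDP",
    "Jun 30 18:40:04 fw kernel: SUSPICIOUS IN=eth0 SRC=10.1.2.3 DST=192.0.2.10 PROTO=ICMP",
]

if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        print(decide(entry))
```

The protected list only covers addresses the operator knows in advance; a forged source belonging to any other legitimate party would still be blocked, which is the limitation the message describes.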