On Mon, Jun 30, 2003 at 06:38:33PM -0400, Phillip Hofmeister wrote:

> A daemon sits running in the background listening to a special device
> (/dev) or an IPC which would originate from syslog-ng.  This daemon
> would then parse the log and look for suspicious things.  If it found
> something suspicious it would use regular expression to grab out
> pertinent parts of the log (say the IP address) and act on the log
> accordingly (in real time) by say dropping an IPTABLE rule down on the
> IP address.
> 
> Are there any projects out there to do this right now?  If not, is this
> a good idea?  If it is, who would be a person/group that would be
> qualified and have the time/interest to develop it?

Not really a good idea.  Consider what happens when someone forges the IP
addresses.

-- 
 - mdz
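The objection above is the classic weakness of log-driven auto-blocking: if the block decision is keyed on a source address the attacker controls (a forged SRC in a packet log, an unauthenticated UDP datagram), the attacker chooses who gets blocked, and the obvious choice is your DNS resolver, gateway or an admin's workstation. The following is an added example, not code from either poster, showing a minimal log-parsing blocker in both its naive form and a hardened form that (a) only counts evidence from events that require a completed TCP session and application-layer interaction, where the peer address cannot be trivially spoofed, and (b) refuses to act on an allowlist of addresses the host cannot afford to lose. The log lines, addresses, the `sshd`/`kernel` message formats and the threshold of 3 are all constructed for the example; the emitted `iptables` commands are returned as strings (dry run) rather than executed.

```python
import re
import ipaddress
from collections import Counter

# Constructed sample syslog excerpt (not from the original thread).
# Lines 1-3: repeated SSH authentication failures from one host.
# Lines 4-6: kernel packet-filter log entries for UDP datagrams whose SRC field
#            is whatever the sender put on the wire, i.e. forgeable. Here the
#            SRC is 192.0.2.1, which we treat as the host's upstream resolver.
SAMPLE_LOG = """\
Jun 30 18:40:01 host sshd[1234]: Failed password for invalid user admin from 203.0.113.7 port 40122 ssh2
Jun 30 18:40:03 host sshd[1234]: Failed password for invalid user admin from 203.0.113.7 port 40123 ssh2
Jun 30 18:40:05 host sshd[1234]: Failed password for invalid user admin from 203.0.113.7 port 40124 ssh2
Jun 30 18:40:06 host kernel: IN=eth0 OUT= SRC=192.0.2.1 DST=198.51.100.10 PROTO=UDP SPT=53 DPT=1024
Jun 30 18:40:07 host kernel: IN=eth0 OUT= SRC=192.0.2.1 DST=198.51.100.10 PROTO=UDP SPT=53 DPT=1025
Jun 30 18:40:08 host kernel: IN=eth0 OUT= SRC=192.0.2.1 DST=198.51.100.10 PROTO=UDP SPT=53 DPT=1026
"""

# Hypothetical allowlist: infrastructure this host must never block itself from.
ALLOWLIST = [ipaddress.ip_network("192.0.2.0/24"),   # resolver / gateway segment
             ipaddress.ip_network("10.0.0.0/8")]     # internal management range

# Event sources whose peer address is bound to a completed TCP handshake plus an
# application-layer exchange. A blind spoofer cannot produce these entries.
SESSION_BOUND_SOURCES = {"sshd"}

SSH_FAIL = re.compile(r"sshd\[\d+\]: Failed password for .* from (\d+\.\d+\.\d+\.\d+) port \d+")
KERNEL_PKT = re.compile(r"kernel: .*\bSRC=(\d+\.\d+\.\d+\.\d+)")


def extract_events(log_text):
    """Return a list of (source, ip) tuples pulled from the log text."""
    events = []
    for line in log_text.splitlines():
        m = SSH_FAIL.search(line)
        if m:
            events.append(("sshd", m.group(1)))
            continue
        m = KERNEL_PKT.search(line)
        if m:
            events.append(("kernel", m.group(1)))
    return events


def naive_policy(events, threshold=3):
    """The scheme as proposed: block any address seen `threshold` times, regardless
    of how trustworthy the evidence is. Forged packets can push a victim over."""
    counts = Counter(ip for _source, ip in events)
    return {ip for ip, n in counts.items() if n >= threshold}


def is_allowlisted(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in ALLOWLIST)


def hardened_policy(events, threshold=3):
    """Count only session-bound evidence and never block allowlisted addresses."""
    counts = Counter(ip for source, ip in events if source in SESSION_BOUND_SOURCES)
    return {ip for ip, n in counts.items() if n >= threshold and not is_allowlisted(ip)}


def iptables_commands(ips):
    """Dry run: produce the rules an enforcement step would install, sorted for
    deterministic output. Nothing here executes them."""
    return [f"iptables -I INPUT -s {ip} -j DROP" for ip in sorted(ips)]


if __name__ == "__main__":
    evts = extract_events(SAMPLE_LOG)
    print("naive would block:   ", sorted(naive_policy(evts)))
    print("hardened would block:", sorted(hardened_policy(evts)))
    for cmd in iptables_commands(hardened_policy(evts)):
        print(cmd)
```

Run stand-alone, the naive policy blocks both 203.0.113.7 and the resolver at 192.0.2.1, because three forged datagrams were enough to cross the threshold; the hardened policy blocks only the SSH brute-forcer. In a real deployment the remaining concerns are ban expiry (so a transient mistake heals itself) and keeping the allowlist under configuration control, since the allowlist is now the thing an operator most needs to get right.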
