Thanks to everyone who responded. Looks like all the pieces to do this exist. All I have to do is to package it all in one program "sheriff" that watches various log files and pulls the trigger on the bad guy(s) at the appropriate time.
I think I will add a program to keep running stats on *all* the tcp/udp senders to find all those annoyingly pesky repeat senders who have no business talking to my network. What would be nice is a standard interface to report suspicious failures (sort of like syslog). If the same guy sends N DNS requests for the same thing and every request fails, chances are he is a bad guy (or a zombie acting on behalf of one). Perhaps some day a trusted network of such daemons can be used to "back pressure" the closest ISP to the sender -- who can then shut him down for a while.
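
Added example, not part of the original message and not code from any existing "sheriff" program: a sketch of the heuristic described above, flagging a sender that asks for the same DNS name at least N times within a time window with every request failing. The log format, the function names and the sample lines are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample lines in a hypothetical format:
#   "<epoch_seconds> <src_ip> <qname> <rcode>"
SAMPLE_LOG = """\
1000 192.0.2.10 nosuch.example.com NXDOMAIN
1001 192.0.2.10 nosuch.example.com NXDOMAIN
1002 198.51.100.7 www.example.com NOERROR
1003 192.0.2.10 nosuch.example.com NXDOMAIN
1004 198.51.100.7 typo.example.com NXDOMAIN
1005 203.0.113.5 old.example.com SERVFAIL
1006 203.0.113.5 old.example.com NOERROR
1007 203.0.113.5 old.example.com NXDOMAIN
not a log line
1008 192.0.2.10 www.example.com NOERROR
"""

def parse(line):
    """Return (ts, src, qname, rcode), or None for a malformed line."""
    parts = line.split()
    if len(parts) != 4 or not parts[0].isdigit():
        return None
    ts, src, qname, rcode = parts
    # DNS names are case-insensitive; drop the optional trailing dot.
    return int(ts), src, qname.lower().rstrip("."), rcode.upper()

def repeat_failures(lines, n=3, window=60):
    """Map (src, qname) -> request count for senders that asked for the
    same name at least n times in the last `window` seconds of their
    activity, with every one of those requests failing."""
    seen = defaultdict(list)  # (src, qname) -> [(ts, failed)]
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue  # skip garbage instead of aborting the scan
        ts, src, qname, rcode = rec
        seen[(src, qname)].append((ts, rcode != "NOERROR"))
    flagged = {}
    for key, events in seen.items():
        events.sort()
        cutoff = events[-1][0] - window
        recent = [failed for ts, failed in events if ts >= cutoff]
        # A single success means the sender may be legitimate: no flag.
        if len(recent) >= n and all(recent):
            flagged[key] = len(recent)
    return flagged

if __name__ == "__main__":
    for (src, qname), count in repeat_failures(SAMPLE_LOG.splitlines()).items():
        print(f"suspicious: {src} asked for {qname} {count} times, all failed")
```

Source addresses in UDP queries can be spoofed, so a flag from this check is a reason to look closer rather than proof of who sent the traffic.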