Auto ACL blocker
gbonser at seven.com
Tue Jan 18 15:21:46 CST 2011
> From: Brian R. Watters
> Sent: Tuesday, January 18, 2011 1:14 PM
> To: Dorn Hetzel
> Cc: nanog at nanog.org
> Subject: Re: Auto ACL blocker
> Agreed, time to live in the ACL is critical as well .. this is primary
> to be used to stop sweeps and penetration testing .. We have SNORT
> deployed now but the process is still manual on the back end and of
> course does not respond in the time required.
I suppose you could use tcp wrappers to be creative and launch netcat to "bend" the connection right back to the originator so they spend all their time hacking themselves.
More information about the NANOG