[Dshield] Firewall that bites back??? Addendum

Alberto Gonzalez ag-dshield at cerebro.violating.us
Wed Nov 20 19:31:27 GMT 2002

Well, I'm the type of person who wants to see what people throw at my network, thus I deployed an Intrusion Detection System. Tools like SnortSam make this a lot easier. Yes, I know the false positives will be blocked as well when using SnortSam, but you can use it _only_ on critical alerts (exploit attempts/DoS attacks) to tell SnortSam to drop a rule into your firewall. Though this can have its consequences, on my home LAN it's doing wonders (now with pf support!). Hogwash is also another great tool that doesn't require any 3rd-party firewall, since it drops the packet itself. Great packet scrubber, and it can be run stealthily. That is my form of fighting back. I personally don't think that those Nimda/Code Red scripts out there that check your access_log and try Nimda/Code Red on hosts that attempted it on you are a good idea. GIDS will become a great tool in the future. Hope that clarifies a few things.


    - Alberto

Jason Allen wrote:

>I'm sorry, but once you start 'fighting back' you have done exactly what we
>are here to prevent. You will drive yourself absolutely nuts trying to pay
>back everyone in the world that is using a system maliciously. Lock your
>doors. That doesn't mean that you have to stand around all day looking out
>the peep hole either. Get a couple of good deadbolts and get some rest
>knowing that you have done everything you can to make YOUR part of the world
>a safer place. Don't fight back, just make it so their efforts are
>fruitless. Keep your Karma in the green. 
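
The selective-blocking policy described above (let only critical alerts push a block rule into the firewall, and accept that the rest stays alert-only), as an added example that is not from the original post and not SnortSam's or Hogwash's own code: a small Python filter over Snort fast-alert lines that blocks only priority-1 exploit/DoS classifications, refuses to block addresses on a never-block list, collapses repeated alerts from one source into a single entry with an expiry, and emits pf table commands. The alert lines, the classification set, the address ranges, the 30-minute TTL and the pf table name `snortsam` are all constructed assumptions for the example.

```python
import re
import ipaddress
from datetime import datetime, timedelta

# Snort "alert_fast" line layout: timestamp [**] [gid:sid:rev] msg [**]
# [Classification: ...] [Priority: N] {PROTO} src[:port] -> dst[:port]
ALERT_RE = re.compile(
    r"^\S+\s+\[\*\*\]\s+\[(?P<sid>\d+:\d+:\d+)\]\s+(?P<msg>.+?)\s+\[\*\*\]"
    r"\s+\[Classification:\s+(?P<cls>[^\]]+)\]\s+\[Priority:\s+(?P<prio>\d+)\]"
    r"\s+\{(?P<proto>\w+)\}\s+(?P<src>[\d.]+)(?::\d+)?\s+->\s+(?P<dst>[\d.]+)(?::\d+)?$"
)

# Only these classifications may trigger an automatic block ("exploit attempts /
# DoS attacks"). Scans and informational alerts stay alert-only. Assumed set.
BLOCK_CLASSES = {
    "Attempted Administrator Privilege Gain",
    "Attempted User Privilege Gain",
    "Web Application Attack",
    "Attempted Denial of Service",
}
MAX_PRIORITY = 1  # Snort priority 1 is the most severe; anything higher is ignored

# Addresses that must never be blocked, however noisy they look (assumed ranges).
NEVER_BLOCK = [
    ipaddress.ip_network("192.168.1.0/24"),
    ipaddress.ip_network("127.0.0.0/8"),
]

TTL = timedelta(minutes=30)                 # assumed block lifetime
NOW = datetime(2002, 11, 20, 19, 31, 27)    # fixed clock so the example is deterministic

# Constructed sample alert lines (not real captures): one critical external hit,
# one low-priority scan, one critical alert from an internal host, one repeat.
SAMPLE_ALERTS = [
    "11/20-19:31:27.123456  [**] [1:1002:7] WEB-IIS cmd.exe access [**] "
    "[Classification: Web Application Attack] [Priority: 1] {TCP} 203.0.113.7:4021 -> 198.51.100.2:80",
    "11/20-19:32:02.000001  [**] [1:469:3] ICMP PING NMAP [**] "
    "[Classification: Attempted Information Leak] [Priority: 2] {ICMP} 203.0.113.9 -> 198.51.100.2",
    "11/20-19:33:10.500000  [**] [1:1807:4] WEB-MISC Chunked-Encoding transfer attempt [**] "
    "[Classification: Web Application Attack] [Priority: 1] {TCP} 192.168.1.20:51234 -> 198.51.100.2:80",
    "11/20-19:35:44.250000  [**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**] "
    "[Classification: Web Application Attack] [Priority: 1] {TCP} 203.0.113.7:4100 -> 198.51.100.2:80",
]


def parse_alert(line):
    """Parse one fast-alert line into a dict, or return None if it does not match."""
    m = ALERT_RE.match(line.strip())
    if not m:
        return None
    alert = m.groupdict()
    alert["prio"] = int(alert["prio"])
    return alert


def should_block(alert):
    """Decide whether this alert earns a firewall block. Returns (decision, reason)."""
    if alert is None:
        return False, "unparsable line"
    src = ipaddress.ip_address(alert["src"])
    if any(src in net for net in NEVER_BLOCK):
        return False, "source is on the never-block list"
    if alert["prio"] > MAX_PRIORITY:
        return False, "priority too low"
    if alert["cls"] not in BLOCK_CLASSES:
        return False, "classification not in block set"
    return True, "critical alert"


def plan_blocks(lines, now, ttl=TTL):
    """Map each source that earned a block to its expiry time.

    Repeated alerts from one source refresh the expiry instead of adding a
    duplicate entry, so a chatty worm does not flood the firewall table.
    """
    blocks = {}
    for line in lines:
        alert = parse_alert(line)
        ok, _reason = should_block(alert)
        if ok:
            blocks[alert["src"]] = now + ttl
    return blocks


def pfctl_commands(blocks, table="snortsam"):
    """Render the planned blocks as pfctl table additions (table name is assumed)."""
    return [f"pfctl -t {table} -T add {ip}" for ip in sorted(blocks)]


def demo():
    """Run the policy over the constructed alerts; returns (blocks, commands)."""
    blocks = plan_blocks(SAMPLE_ALERTS, NOW)
    return blocks, pfctl_commands(blocks)


if __name__ == "__main__":
    planned, commands = demo()
    for ip, expiry in planned.items():
        print(f"block {ip} until {expiry:%H:%M:%S}")
    print("\n".join(commands))
```

Only 203.0.113.7 ends up in the table: the NMAP ping is priority 2, the chunked-encoding alert comes from an internal host on the never-block list, and the second Code Red hit refreshes the existing entry rather than adding another. A matching pf rule would reference the table (for example `block in quick from <snortsam>`), and a cron job or the expiry map would remove entries after the TTL so a single false positive cannot lock a host out indefinitely.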

