From: Heiko Z. <he...@zu...> - 2005-02-23 21:17:40
|
> Your familiar with the term reactive firewall right? I was wondering > if DL can be tweaked to say connect back to an attacker and spawn a shell > and execute code against their box or perhaps be conditional like warn and > if attacker persists execute a command-to say block their IP and crash > their machine.Of course if they poisoned their arp cache and spoofed their > IP the IP Block wouldn't do much more than bog > down the machine-I'm going to try to roll my own and test it-but I'd like > to see if I can make it reactive in the process. Nothing like that will ever go into DL, since it doesn't make sense to attack an attacker, you'll just get more attention. The only thing which would make sense is auto-blocking of attackers, but this has too many down sides too. For example a DoS is very easy if you implemented it. -- Regards Heiko Zuerker http://www.devil-linux.org |