From: pr0ject <pr...@re...> - 2001-11-12 17:36:41
Kind of an odd request, but I find myself doing this more often than not now with Nimda proliferating all over the place...

FreeBSD uses a blackhole feature to throw IPs/nets into a null route using a route add command, as in this example:

    route add -net IP -netmask 255.255... 127.0.0.1 -blackhole

I use Snort as my IDS logger to track the Nimda attempts, but I have to manually black hole the IPs so that I avoid false positive issues that Snort sometimes creates.

Think there could be an interface built to support the route command? It would make blocking these infected machines a lot easier... If something like this already exists, please let me know...

pr0j

--
Hating the Yankees is as American as pizza pie, unwed mothers and cheating on your income tax. -- Mike Royko
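One way to script the manual step described in the message above, as an added example that is not part of the original post or of Snort: it counts alerts per source in Snort fast-format lines and prints a blackhole route command only for sources seen at least THRESHOLD times and not on an allowlist. The sample alerts, THRESHOLD, ALLOWLIST and the function names are constructed for illustration, and `-host` is used in place of the post's `-net`/`-netmask` form.

```sh
#!/bin/sh
# Added example (not from the post): dry run that prints FreeBSD blackhole
# route commands for review; it never executes them.

THRESHOLD=3                       # assumed: alerts needed before a source is listed
ALLOWLIST="192.0.2.1 192.0.2.53"  # assumed: addresses that must never be blackholed

# Constructed sample in Snort "fast" alert format, using documentation addresses.
sample_alerts() {
cat <<'EOF'
11/12-17:30:01.100000  [**] [1:1002:2] WEB-IIS cmd.exe access [**] [Priority: 1] {TCP} 203.0.113.7:1025 -> 198.51.100.5:80
11/12-17:30:02.200000  [**] [1:1002:2] WEB-IIS cmd.exe access [**] [Priority: 1] {TCP} 203.0.113.7:1026 -> 198.51.100.5:80
11/12-17:30:03.300000  [**] [1:1002:2] WEB-IIS cmd.exe access [**] [Priority: 1] {TCP} 203.0.113.7:1027 -> 198.51.100.5:80
11/12-17:31:10.000000  [**] [1:1002:2] WEB-IIS cmd.exe access [**] [Priority: 1] {TCP} 203.0.113.9:2001 -> 198.51.100.5:80
11/12-17:32:00.000000  [**] [1:1002:2] WEB-IIS cmd.exe access [**] [Priority: 1] {TCP} 192.0.2.1:3001 -> 198.51.100.5:80
11/12-17:32:01.000000  [**] [1:1002:2] WEB-IIS cmd.exe access [**] [Priority: 1] {TCP} 192.0.2.1:3002 -> 198.51.100.5:80
11/12-17:32:02.000000  [**] [1:1002:2] WEB-IIS cmd.exe access [**] [Priority: 1] {TCP} 192.0.2.1:3003 -> 198.51.100.5:80
EOF
}

# Read alerts on stdin; print one route command per qualifying source address.
blackhole_cmds() {
    awk -v min="$THRESHOLD" -v allow="$ALLOWLIST" '
    BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) skip[a[i]] = 1 }
    {
        # The source is the field just before "->"; drop the port if present.
        src = ""
        for (i = 2; i <= NF; i++) if ($i == "->") { src = $(i - 1); break }
        sub(/:[0-9]+$/, "", src)
        # Accept only a dotted-quad IPv4 address with octets 0-255, so log
        # text can never inject anything else into the printed command.
        if (src !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) next
        split(src, o, ".")
        for (k = 1; k <= 4; k++) if (o[k] > 255) next
        if (src in skip) next
        hits[src]++
    }
    END {
        for (s in hits) if (hits[s] >= min)
            print "route add -host " s " 127.0.0.1 -blackhole"
    }' | sort
}

# Stand-alone run over the constructed sample.
sample_alerts | blackhole_cmds
```

The threshold and allowlist are what stand in for the manual review step: a single alert, or any alert from an allowlisted address, never produces a route command.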