18 Jan
2011
18 Jan
'11
4:21 p.m.
From: Brian R. Watters Sent: Tuesday, January 18, 2011 1:14 PM To: Dorn Hetzel Cc: nanog@nanog.org Subject: Re: Auto ACL blocker
Agreed, time to live in the ACL is critical as well .. this is primary to be used to stop sweeps and penetration testing .. We have SNORT deployed now but the process is still manual on the back end and of course does not respond in the time required.
I suppose you could use tcp wrappers to be creative and launch netcat to "bend" the connection right back to the originator so they spend all their time hacking themselves.