On Wed, 3 Apr 2002, batz wrote:
Personally, I would like to see a mixture of the MAPS RBL and aris.securityfocus.com available, where emerging hostile netblocks can be blackholed for short periods of time using attack information gathered from and coroborated by a vast array of diverse sources.
Have a look at SAFE (url in sig). We detect smurf amplifiers and I'm currently looking at ways to export data to companies regarding large smurf amplifiers (>x250 amplification) who refuse to close after X number of warnings. I expect it will run on a free, but subscribed + authenticated basis (ie, a company subscribes and gives the IP's of their DNs servers and those servers are authorized to do lookups, but script kiddies cannot). -- Avleen Vig Work Time: Unix Systems Administrator Play Time: Network Security Officer Smurf Amplifier Finding Executive: http://www.ircnetops.org/smurf