Auto-block ( ban .. ? ) hackers. (Full Version)

All Forums >> [ISA Server 2004 Misc.] >> ISA Server 2004 Wish List



Message


penrose.l@2college.nl -> Auto-block ( ban .. ? ) hackers. (6.Feb.2004 7:42:00 PM)

In case a hacker is caught by the better IDS system (see related topic) his IP should be automatically added to a banlist.

Kind Regards,
Lex Penrose




bagins -> RE: Auto-block ( ban .. ? ) hackers. (22.Feb.2004 12:31:00 PM)

Maybe...
but if someone writes a script that utilises, let's say, NMAP to scan known ports from hundreds or thousends of false addresses, regular uses may not be able to connect because their addresses would be automaticly banned?




penrose.l@2college.nl -> RE: Auto-block ( ban .. ? ) hackers. (22.Feb.2004 6:54:00 PM)

IDS could use fingerprinting , proxy checking , etc... it can be done I think.




tshinder -> RE: Auto-block ( ban .. ? ) hackers. (22.Feb.2004 7:42:00 PM)

Hi Lex,

I seems like a good idea, but I have to agree that automatically blocking is not a good idea, because its so easy for them to spoof source addresses. Its much better to use the app layer filtering to block whatever it is they're trying to do.

Thanks!
Tom




Page: [1]