Preston Crawford me@prestoncrawford.com wrote:
I have a firewall router
<OT-Comment> Is it a "Router" or a 'Ritter? http://thebs413.blogspot.com/2005/07/ritters-because-most-natpat-devices.htm... </OT-Comment>
and I run a firewall on CentOS as well.
Does either have an intrusion detection system (IDS) or some other form of real-time packet and/or non-real-time log analysis?
I guess it's one of those things where I'm sick of seeing it come up in my security log, so I'd like to start sending email to the ISPs to tell them to do their job and enforce their rules for all the Windoze users out there.
Well, most ISPs already have thin margins to work on. But yes, the larger providers should be contacted, especially when a major block of theirs is infected.
But I don't want to take the time to do it manually. Any suggestions?
I already saw someone mention DShield.ORG, which seems to be the most popular right now.
On more corporate networks with unused IPs, I like to use various port fakers that accept a SYN, but don't accept their ACK. That keeps the zombies tied up and busy, exponentially reducing the number of hosts they can attack.
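An added example of the automation Preston asks about (my code, not from either poster): it parses iptables LOG lines from a CentOS firewall into per-source hit counts and probed ports, then rolls them up per /24 so an infected block stands out, which is the kind of list you would hand to a reporting service such as DShield. The log lines are constructed, and the "DROP-IN:" log prefix is an assumption.

```python
import re
from collections import defaultdict
from ipaddress import ip_network

# Constructed sample lines in the default iptables LOG format (syslog prefix + kernel fields).
SAMPLE_LOG = """\
Jul 14 02:11:05 fw kernel: DROP-IN: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.7 DST=198.51.100.2 LEN=48 TOS=0x00 PREC=0x00 TTL=113 ID=4661 DF PROTO=TCP SPT=3421 DPT=445 WINDOW=65535 RES=0x00 SYN URGP=0
Jul 14 02:11:06 fw kernel: DROP-IN: IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.2 LEN=48 TOS=0x00 PREC=0x00 TTL=113 ID=4662 DF PROTO=TCP SPT=3422 DPT=139 WINDOW=65535 RES=0x00 SYN URGP=0
Jul 14 02:11:09 fw kernel: DROP-IN: IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.2 LEN=48 TOS=0x00 PREC=0x00 TTL=113 ID=4663 DF PROTO=TCP SPT=3423 DPT=135 WINDOW=65535 RES=0x00 SYN URGP=0
Jul 14 02:12:30 fw kernel: DROP-IN: IN=eth0 OUT= SRC=203.0.113.88 DST=198.51.100.2 LEN=48 TOS=0x00 PREC=0x00 TTL=113 ID=9001 DF PROTO=TCP SPT=1200 DPT=445 WINDOW=65535 RES=0x00 SYN URGP=0
Jul 14 02:13:00 fw kernel: DROP-IN: IN=eth0 OUT= SRC=192.0.2.9 DST=198.51.100.2 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=100 DF PROTO=TCP SPT=51000 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
"""

FIELD_RE = re.compile(r"(\w+)=(\S*)")  # KEY=VALUE tokens; bare flags like DF / SYN are skipped

def parse_line(line):
    """Return the KEY=VALUE fields of one iptables LOG line, or None for lines that are not one."""
    if "kernel:" not in line or "SRC=" not in line:
        return None
    return dict(FIELD_RE.findall(line.split("kernel:", 1)[1]))

def summarize(log_text, min_hits=1):
    """Per source IP: number of dropped TCP packets and the set of destination ports probed."""
    per_src = defaultdict(lambda: {"hits": 0, "dports": set()})
    for line in log_text.splitlines():
        f = parse_line(line)
        if f is None or f.get("PROTO") != "TCP":
            continue
        rec = per_src[f["SRC"]]
        rec["hits"] += 1
        rec["dports"].add(int(f["DPT"]))
    # Only sources that hit at least min_hits times are worth a report.
    return {src: r for src, r in per_src.items() if r["hits"] >= min_hits}

def group_by_block(summary, prefix=24):
    """Roll per-source counts up to /prefix blocks, so a whole infected netblock stands out."""
    blocks = defaultdict(lambda: {"hits": 0, "sources": set()})
    for src, r in summary.items():
        net = str(ip_network(f"{src}/{prefix}", strict=False))
        blocks[net]["hits"] += r["hits"]
        blocks[net]["sources"].add(src)
    return blocks

if __name__ == "__main__":
    for src, r in summarize(SAMPLE_LOG, min_hits=2).items():
        print(f"{src}: {r['hits']} drops, ports {sorted(r['dports'])}")
    for net, b in group_by_block(summarize(SAMPLE_LOG)).items():
        print(f"{net}: {b['hits']} drops from {len(b['sources'])} hosts")
```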