AntiProxy wrote:
Actually, it's an external attack, apparently from a whole bunch of
compromised machines..
Do you have any idea who initiated the attack and / or why?
One thing i thought off, was to pipe tcpdump's output into a couple awks
and seds and generate IPTABLE rules on the fly..
Something you might consider would be to look at either how the ULog daemon
works, or possibly NetLink (CONFIG_IP_NF_QUEUE) directly. Either way, I
believe it would be possible to write a daemon that can have the kernel
communicate which packets it is seeing that are not already (explicitly)
processed by IPTables rules and then use a different method (NetFilter
APIs?) to dynamically update the firewall rule(s) on the fly.
I have no experience in this area, probably evident by using the wrong terms
/ names for the existing resources to communicate with the kernel. However
I think there is at least a direction to go with this. If you would like
help developing such, I'm willing to try to help.
Grant. . . .
|