
Network Protection: Create firewall rules to automatically "blacklist" an "attacker."

I'd like to turn on 'reactive rules' to start dropping all traffic from source IPs that trip a threshold of IPS or PF rules.

Say someone is scanning your website for IIS vulnerabilities and trips 20 IPS rules in 1 minute (administrator defined parameters), then the UTM would create a rule at the top to block all traffic to and from the attacking source IP.

Bonus points for letting the rule dissolve after N hours as well as being able to turn this rule on for specific interfaces or subnets. You could link it to the geo-location system so that this adaptive/reactive defense can be turned on for Chinese source IPs only, for example.

33 votes
Clayton Dillard shared this idea

Sascha Paris shared a merged idea: Network Security: Self-Defending Features
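
The threshold-and-expiry behaviour requested above, as an added example that is not part of the original post and not code from any UTM product. The class name `ReactiveBlocker`, its parameters, the sample events and the never-block allowlist are assumptions made for illustration; the allowlist is included because source addresses can be spoofed and a reactive rule should not be able to block an admin or monitoring host.

```python
import ipaddress
from collections import defaultdict, deque

class ReactiveBlocker:
    def __init__(self, threshold=20, window=60, ttl=2 * 3600, scopes=None, allow=()):
        self.threshold, self.window, self.ttl = threshold, window, ttl
        # Source networks the reactive rule covers; None means every source.
        self.scopes = None if scopes is None else [ipaddress.ip_network(s) for s in scopes]
        # Assumption (not in the post): sources that must never be auto-blocked.
        self.allow = [ipaddress.ip_network(a) for a in allow]
        self.hits = defaultdict(deque)  # src -> timestamps of recent rule hits
        self.blocked = {}               # src -> time the block expires

    @staticmethod
    def _member(src, nets):
        addr = ipaddress.ip_address(src)
        return any(addr in net for net in nets)

    def is_blocked(self, src, now):
        expiry = self.blocked.get(src)
        if expiry is not None and now >= expiry:
            del self.blocked[src]       # the rule dissolves after ttl seconds
            return False
        return expiry is not None

    def observe(self, ts, src):
        """Record one IPS/packet-filter hit; True if it creates a new block."""
        if self._member(src, self.allow):
            return False
        if self.scopes is not None and not self._member(src, self.scopes):
            return False
        if self.is_blocked(src, ts):
            return False
        q = self.hits[src]
        q.append(ts)
        while q[0] <= ts - self.window:  # drop hits older than the window
            q.popleft()
        if len(q) >= self.threshold:
            self.blocked[src] = ts + self.ttl
            del self.hits[src]
            return True
        return False

def demo():
    # Constructed events (seconds, source IP) from documentation address ranges.
    fast = [(t, "203.0.113.50") for t in range(0, 40, 2)]   # 20 hits in 38 s
    slow = [(t, "198.51.100.7") for t in range(0, 80, 4)]   # 20 hits in 76 s
    admin = [(t, "192.0.2.10") for t in range(30)]          # allowlisted scanner
    b = ReactiveBlocker(allow=["192.0.2.0/28"])
    new_blocks = [(ts, src) for ts, src in sorted(fast + slow + admin) if b.observe(ts, src)]
    return b, new_blocks
```

Only the source that reaches 20 hits inside one 60-second window is blocked; the same 20 hits spread over 76 seconds stay under the threshold, which is the trade-off an administrator tunes with the threshold and window values.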

    6 comments
