Web Hosting Talk







self-healing attack detection system?


magnafix
12-20-2004, 12:01 PM
We're considering building this; anyone know of something similar which actually works and doesn't cost a million bucks?

In a nutshell:

A self-inoculating attack-detection system, which allows all detected scans, probes, and attacks on any server to communicate with a central 'brain', which can in turn evaluate the severity of the aggregate impact and block offending hosts at the edge of the network.

In other words, if there are multiple attempted root logins on 50 different servers we control, each server could tell the brain, then the brain could say 'gee whiz, that hit 50 servers, better block the host!'

Rclark
12-20-2004, 02:35 PM
Combination of Snort + BFD + iptables

www.snort.org
www.rfxnetworks.com (BFD - Brute Force Detector) this will block off naughty hosts trying out so many failed login attempts.

If you have 50 servers, set up a NIDS machine to do the "governing".
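
The aggregation step discussed in this thread (each server reports detections to a central host, which blocks a source once enough distinct servers have seen it), as an added example that is not from either poster or from Snort or BFD. The `Brain` class, its thresholds, the report format and the sample addresses are assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

class Brain:
    """Central aggregator: flags a source once enough distinct servers report it."""

    def __init__(self, min_servers=3, window_s=600, allowlist=()):
        self.min_servers = min_servers      # distinct reporting servers needed
        self.window_s = window_s            # how long one report stays relevant
        self.allow = [ipaddress.ip_network(n) for n in allowlist]
        self.seen = defaultdict(dict)       # source ip -> {server: last report time}
        self.blocked = set()

    def report(self, server, source, ts):
        """Record one detection; return the source IP if it should now be blocked."""
        try:
            ip = ipaddress.ip_address(source)   # never pass unvalidated text to a firewall
        except ValueError:
            return None
        # Allowlisted ranges (own management hosts) are never blocked, so a
        # misbehaving or compromised reporter cannot lock the operators out.
        if ip in self.blocked or any(ip in net for net in self.allow):
            return None
        hits = self.seen[ip]
        hits[server] = ts
        for stale in [s for s, t in hits.items() if ts - t > self.window_s]:
            del hits[stale]                     # expire reports outside the window
        if len(hits) >= self.min_servers:
            self.blocked.add(ip)
            del self.seen[ip]
            return str(ip)
        return None

# Constructed sample reports: (reporting server, source address, unix time)
SAMPLE = [
    ("web01", "203.0.113.7", 1000),
    ("web02", "203.0.113.7", 1030),
    ("web01", "203.0.113.7", 1040),   # same server again: still 2 distinct
    ("web03", "198.51.100.9", 1050),  # seen by one server only
    ("web03", "203.0.113.7", 1060),   # third distinct server: block
    ("web01", "192.0.2.10", 1070),    # management host, reported by 3 servers
    ("web02", "192.0.2.10", 1080),
    ("web03", "192.0.2.10", 1090),
    ("web02", "not-an-ip", 1100),     # malformed report, ignored
]

def run(events, **kw):
    """Feed events to a fresh Brain and return the addresses it decided to block."""
    brain = Brain(**kw)
    return [b for b in (brain.report(*e) for e in events) if b]
```

The addresses returned by `run` are what would be handed to whatever enforces the block at the network edge, such as the iptables setup mentioned above.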