1. A way to see outbound HTTP traffic via syslog while the web proxy is on. Used to see trojan activity in real time (i.e., phone-home activity).
But this one is really good:
2. A way to temporarily block all unsolicited incoming traffic as a packet filter rule. When an unsolicited packet is received and dropped, the ASG should leave the host IP unchanged and convert the host to a CIDR network of /32 (same as a host). (Note: since some offending IP addresses may belong to a CIDR net of /25 to /32, if /24 were always used and the last octet replaced with a zero, addresses outside of the correct range could also be blocked. So if /32 is used, one could manually change the CIDR to whatever is required before making the rule permanent.) All access from that IP is blocked for the period of time chosen. The default block time could be fifteen minutes and can be user-modified up to whatever (a week), with an option to make a permanent packet filter rule (with the CIDR mask bits of choice) or move it to an exception (do not create rule) list should it cause a problem. Something should be in place to allow the net admin time to make the rule permanent if he or she so chooses. So the 15-minute time may not be workable. Maybe a default time period of 48 hours or longer would be better. Maybe instead of a temporary rule, all created block rules are permanent until an exception is used.
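To show what the auto-block behaviour in item 2 amounts to in practice, here is an added example of my own (it is not Astaro/Sophos code and not the poster's). It models the requested logic: a dropped unsolicited packet yields a temporary /32 block on its source, blocks expire after a configurable period (48 hours by default, following the post's suggestion), an admin can promote a block to a permanent rule with a prefix length of their choice, and an address on the exception list is never auto-blocked. The drop-log line format, the timestamps and the TEST-NET addresses are all constructed for the example.

```python
"""Model of an auto-block list driven by firewall drop events (example code).

Assumed, constructed drop-log format (not a real ASG log line):
    <ISO timestamp> DROP src=<ip> dst=<ip> proto=<proto> dport=<port>
"""
import ipaddress
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Optional, Set

DROP_RE = re.compile(
    r"^(?P<ts>\S+) DROP src=(?P<src>\S+) dst=\S+ proto=\S+ dport=\d+$"
)

# Default block duration; the post suggests 48 h as a workable default.
DEFAULT_BLOCK_FOR = timedelta(hours=48)


@dataclass
class Block:
    network: ipaddress._BaseNetwork      # /32 (or /128) until an admin widens it
    expires: Optional[datetime]          # None means the rule is permanent


class AutoBlocker:
    """Tracks temporary blocks, permanent rules and the exception list."""

    def __init__(self, block_for: timedelta = DEFAULT_BLOCK_FOR) -> None:
        self.block_for = block_for
        self.blocks: Dict[str, Block] = {}   # keyed by the offending host address
        self.exceptions: Set[ipaddress._BaseAddress] = set()

    def on_drop(self, line: str) -> Optional[Block]:
        """Create a host (/32) block for the source of a dropped packet."""
        m = DROP_RE.match(line)
        if not m:
            return None                              # not a drop event
        host = ipaddress.ip_address(m["src"])
        if host in self.exceptions:
            return None                              # admin said: never auto-block
        key = str(host)
        if key in self.blocks:
            return self.blocks[key]                  # existing block is not extended
        seen_at = datetime.fromisoformat(m["ts"])
        # Host address unchanged, prefix length = host (/32 for IPv4, /128 for IPv6).
        block = Block(ipaddress.ip_network(key), seen_at + self.block_for)
        self.blocks[key] = block
        return block

    def make_permanent(self, host: str, prefixlen: Optional[int] = None) -> Block:
        """Promote a block to a permanent rule, optionally widening the CIDR."""
        block = self.blocks[host]
        if prefixlen is not None:
            # strict=False masks the host bits, e.g. 203.0.113.77/24 -> 203.0.113.0/24
            block.network = ipaddress.ip_network(f"{host}/{prefixlen}", strict=False)
        block.expires = None
        return block

    def add_exception(self, host: str) -> None:
        """Drop any block for the host and stop auto-blocking it in future."""
        self.blocks.pop(host, None)
        self.exceptions.add(ipaddress.ip_address(host))

    def expire(self, now: datetime) -> List[str]:
        """Remove temporary blocks whose time is up; return the hosts released."""
        released = [h for h, b in self.blocks.items()
                    if b.expires is not None and b.expires <= now]
        for h in released:
            del self.blocks[h]
        return released

    def is_blocked(self, addr: str, now: datetime) -> bool:
        """True if addr falls inside any block that is still in force at `now`."""
        a = ipaddress.ip_address(addr)
        return any(a in b.network and (b.expires is None or b.expires > now)
                   for b in self.blocks.values())

    def rules(self) -> List[str]:
        """Render the current block list as packet-filter style rule text."""
        return [f"drop from {b.network} ({'permanent' if b.expires is None else 'until ' + b.expires.isoformat()})"
                for b in self.blocks.values()]


if __name__ == "__main__":
    ab = AutoBlocker()
    ab.on_drop("2024-05-01T10:00:00 DROP src=203.0.113.77 dst=192.0.2.10 proto=tcp dport=445")
    print("\n".join(ab.rules()))
    ab.make_permanent("203.0.113.77", prefixlen=24)   # admin widens to the /24
    print("\n".join(ab.rules()))
```

The point of keeping the initial entry at /32 is visible in `make_permanent`: the widening to a larger network is an explicit admin decision taken with `strict=False`, so nothing outside the offender's own address is blocked until someone chooses that, which is exactly the concern the note about /24 raises.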