Difference between revisions of "Reactive Firewall"
(initial page creation for reactive firewall) |
m (fixed typo) |
||
| Line 1: | Line 1: | ||
Initially, this would be a firewall that had a pre-programmed set of attacks to be detected and used against an attacker. | Initially, this would be a firewall that had a pre-programmed set of attacks to be detected and used against an attacker. | ||
| − | The next stage of the project would be to make the firewall adaptive. It would dynamically detect attacks based on the certain parameters (shellcode/attempted buffer overflows/etc.) and once it has been hit several times by a specific attack on a particular service, it takes | + | The next stage of the project would be to make the firewall adaptive. It would dynamically detect attacks based on the certain parameters (shellcode/attempted buffer overflows/etc.) and once it has been hit several times by a specific attack on a particular service, it takes note of the service and the general format of the attack and generates its own version to be used against attackers. |
The final stage of this project will be to add an option to join a network (possibly p2p) of trusted firewalls on the internet that will ALL retaliate when one is attacked. This part of the project would be completely optional and not required to use other functionality of the firewall. The firewalls may also submit newly detected attacks to a central server (also optional). | The final stage of this project will be to add an option to join a network (possibly p2p) of trusted firewalls on the internet that will ALL retaliate when one is attacked. This part of the project would be completely optional and not required to use other functionality of the firewall. The firewalls may also submit newly detected attacks to a central server (also optional). | ||
Revision as of 16:14, 22 January 2007
Initially, this would be a firewall that had a pre-programmed set of attacks to be detected and used against an attacker.
The next stage of the project would be to make the firewall adaptive. It would dynamically detect attacks based on the certain parameters (shellcode/attempted buffer overflows/etc.) and once it has been hit several times by a specific attack on a particular service, it takes note of the service and the general format of the attack and generates its own version to be used against attackers.
The final stage of this project will be to add an option to join a network (possibly p2p) of trusted firewalls on the internet that will ALL retaliate when one is attacked. This part of the project would be completely optional and not required to use other functionality of the firewall. The firewalls may also submit newly detected attacks to a central server (also optional).
