Difference between revisions of "Reactive Firewall"

Revision as of 11:19, 25 January 2007

Initially, this would be a firewall that had a pre-programmed set of attacks to be detected and used against an attacker.

The next stage of the project would be to make the firewall adaptive. It would dynamically detect attacks based on the certain parameters (shellcode/attempted buffer overflows/etc.) and once it has been hit several times by a specific attack on a particular service, it takes note of the service and the general format of the attack and generates its own version to be used against attackers.

The final stage of this project will be to add an option to join a network (possibly p2p) of trusted firewalls on the internet that will ALL retaliate when one is attacked. This part of the project would be completely optional and not required to use other functionality of the firewall. The firewalls may also submit newly detected attacks to a central server (also optional).

The firewall also needs to take into account the various ip ranges already marked bad by groups similar to peerguardian.

Another idea is to have the firewall be somewhat self-propagating. If it manages to get control of a remote system, it either installs itself there and secures the computer from further attack, or (if we don't make it cross platform) it cleans the windows based system and installs a native firewall (or takes similar action) that would secure it. Unfortunately, this makes the firewall look more like one of the virii it is trying to prevent infection by.