Difference between revisions of "Reactive Firewall"
(added new idea) |
m (fixed) |
||
| Line 1: | Line 1: | ||
| − | + | == Status == | |
| + | <onlyinclude>{{{status|Planning}}}</onlyinclude> | ||
| − | + | == Details == | |
| + | === Phase 1 === | ||
| + | Create a firewall that has a pre-programmed set of attacks to be detected and used against an attacker. | ||
| − | + | === Phase 2 === | |
| + | Make the firewall adaptive. It would dynamically detect attacks based on the certain parameters (shellcode/attempted buffer overflows/etc.) and once it has been hit several times by a specific attack on a particular service, it takes note of the service and the general format of the attack and generates its own version to be used against attackers. | ||
| − | + | === Phase 3 === | |
| + | Add an option to join a network (possibly p2p) of trusted firewalls on the internet that will ALL retaliate when one is attacked. This part of the project would be completely optional and not required to use other functionality of the firewall. The firewalls may also submit newly detected attacks to a central server (also optional). An offending part of the firewall network is automatically dropped. | ||
| − | + | The firewall also needs to take into account the various ip ranges already marked bad by groups similar to [http://peerguardian.sourceforge.net/lists/ peerguardian Peer Guardian]. | |
| + | |||
| + | === Phase 4 === | ||
| + | Make the firewall self-propagating. If it manages to get control of a remote system, it either installs itself there and secures the computer from further attack, or (if we don't make it cross platform) it cleans the windows based system and installs a native firewall (or takes similar action) that would secure it. Unfortunately, this makes the firewall look more like one of the virii it is trying to prevent infection by. | ||
Revision as of 07:58, 24 May 2007
Contents
[hide]Status
Planning
Details
Phase 1
Create a firewall that has a pre-programmed set of attacks to be detected and used against an attacker.
Phase 2
Make the firewall adaptive. It would dynamically detect attacks based on the certain parameters (shellcode/attempted buffer overflows/etc.) and once it has been hit several times by a specific attack on a particular service, it takes note of the service and the general format of the attack and generates its own version to be used against attackers.
Phase 3
Add an option to join a network (possibly p2p) of trusted firewalls on the internet that will ALL retaliate when one is attacked. This part of the project would be completely optional and not required to use other functionality of the firewall. The firewalls may also submit newly detected attacks to a central server (also optional). An offending part of the firewall network is automatically dropped.
The firewall also needs to take into account the various ip ranges already marked bad by groups similar to peerguardian Peer Guardian.
Phase 4
Make the firewall self-propagating. If it manages to get control of a remote system, it either installs itself there and secures the computer from further attack, or (if we don't make it cross platform) it cleans the windows based system and installs a native firewall (or takes similar action) that would secure it. Unfortunately, this makes the firewall look more like one of the virii it is trying to prevent infection by.
