[zorp] Zorp IDS functionality?

endre.wagner@dataware.debis.hu
Thu, 26 Jul 2001 16:12:10 +0200


Hello!

I have a little question.

Is it possible to lock out an IP address from the communication for a
while, if Zorp detects that some error is repeated in the communication?
(For example: there is a WEB server in the DMZ. The "bad guy" tries some evil URL,
and for the first x times the WEB server said some error, before the "bad
guy" finds a hole. Zorp detects the "error" answers from the WEB server and
closes the communication with the "bad guy"'s IP address for a "configurable
time", if x > "a configurable parameter".)

So, I think it is possible with Zorp, but I have very limited Python
programming skills. So could anybody write an example policy.py?

Edge
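
The lockout logic described in the question, as an added example that is not part of the original post and is not Zorp's own code. It is plain Python and uses no Zorp policy API; the class name, its parameters, the sliding time window and the choice of HTTP 4xx/5xx as the "error" signal are all assumptions made for illustration.

```python
import time
from collections import defaultdict, deque


class ErrorLockout:
    """Block a client IP for block_time seconds once it has caused more
    than max_errors error responses within the last `window` seconds.
    (Hypothetical helper; the time window is an added assumption.)"""

    def __init__(self, max_errors=5, window=60.0, block_time=300.0):
        self.max_errors = max_errors
        self.window = window
        self.block_time = block_time
        self._errors = defaultdict(deque)   # ip -> timestamps of recent errors
        self._blocked_until = {}            # ip -> time the block expires

    def is_blocked(self, ip, now=None):
        """Check before accepting a connection from ip."""
        now = time.monotonic() if now is None else now
        until = self._blocked_until.get(ip)
        if until is None:
            return False
        if now >= until:                    # block expired: forget it
            del self._blocked_until[ip]
            return False
        return True

    def record_response(self, ip, status, now=None):
        """Feed one server response; return True if ip is (now) blocked."""
        now = time.monotonic() if now is None else now
        if self.is_blocked(ip, now):
            return True
        if not 400 <= status <= 599:        # only error answers are counted
            return False
        stamps = self._errors[ip]
        stamps.append(now)
        while now - stamps[0] > self.window:  # drop errors outside the window
            stamps.popleft()
        if len(stamps) > self.max_errors:   # "x > a configurable parameter"
            self._blocked_until[ip] = now + self.block_time
            del self._errors[ip]            # start clean after the block
            return True
        return False
```

A proxy would call `is_blocked()` when a connection arrives and `record_response()` for each answer the web server sends back to that client. Clients behind a shared NAT or proxy address are blocked together, so the threshold and block time need tuning for the site.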