A more pliable firewall

Bakul Shah bakul at bitblocks.com
Fri Feb 20 12:50:05 PST 2009


Thanks to everyone who responded.  Looks like all the pieces
to do this exist.  All I have to do is to package it all in
one program "sheriff" that watches various log files and
pulls the trigger on the bad guy(s) at the appropriate time.

I think I will add a program to keep running stats on *all*
the tcp/udp senders to find all those annoyingly pesky repeat
senders who have no business talking to my network.

What would be nice is a standard interface to report
suspicious failures (sort of like syslog).  If the same guy
sends N DNS requests for the same thing and every request
fails, chances are he is a bad guy (or a zombie acting on
behalf of one).  Perhaps some day a trusted network of such
daemons can be used to "back pressure" the closest ISP to the
sender -- who can then shut him down for a while.
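A minimal sketch of the "sheriff" idea described above (N failed DNS lookups of the same name from one sender trip a block), as an added example that is not the poster's code or any FreeBSD tool; the log line format, the threshold and the window are assumptions, and the block decision is only returned so the caller can hand it to whatever firewall it uses.

```python
import re
from collections import defaultdict, deque

# Constructed sample log lines (not from any real resolver); each line
# carries a time, the client address, the queried name and the outcome.
SAMPLE_LOG = """\
12:40:01 client 198.51.100.7 query wpad.example failed
12:40:02 client 198.51.100.7 query wpad.example failed
12:40:03 client 203.0.113.9 query mail.example failed
12:40:04 client 198.51.100.7 query wpad.example failed
12:40:05 client 203.0.113.9 query mail.example ok
12:40:06 client 198.51.100.7 query wpad.example failed
12:41:30 client 203.0.113.9 query www.example failed
"""

# Assumed line shape; a real deployment would match its own resolver's log.
LINE_RE = re.compile(
    r"^(?P<h>\d\d):(?P<m>\d\d):(?P<s>\d\d) client (?P<ip>[\d.]+) "
    r"query (?P<name>\S+) (?P<status>failed|ok)$"
)


class Sheriff:
    """Count failed lookups per (sender, name) inside a sliding window.

    A sender is flagged once the same name fails `threshold` times within
    `window` seconds.  Successful lookups are ignored, so a busy but
    legitimate client is not penalised for volume alone.
    """

    def __init__(self, threshold=3, window=60):
        self.threshold = threshold
        self.window = window
        self.failures = defaultdict(deque)  # (ip, name) -> failure times
        self.blocked = set()

    def observe(self, line):
        """Return the sender address if this line trips the block, else None."""
        m = LINE_RE.match(line.strip())
        if not m or m["status"] != "failed":
            return None
        ts = int(m["h"]) * 3600 + int(m["m"]) * 60 + int(m["s"])
        q = self.failures[(m["ip"], m["name"])]
        q.append(ts)
        while q and ts - q[0] > self.window:  # expire old failures
            q.popleft()
        if len(q) >= self.threshold and m["ip"] not in self.blocked:
            self.blocked.add(m["ip"])
            return m["ip"]
        return None


def run(log_text, threshold=3, window=60):
    """Feed every line to one Sheriff and list the senders it would block."""
    sheriff = Sheriff(threshold, window)
    return [ip for ip in map(sheriff.observe, log_text.splitlines()) if ip]
```

With the sample above only 198.51.100.7 crosses the line; 203.0.113.9 fails on different names and never reaches the threshold.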


More information about the freebsd-net mailing list