How do i block an infected PC from using our internet connection.



  • This is an open wireless connection used in a public site. We have been shutdown by Rogers due to botnet activity.
    What pack can i use to prevent this outbound activitiy?

    Thanks



  • What you probably need is SNORT as IDS/IPS.

    I never used it but it is a detrusion prevention and detection system which allows you to block source or destination IP addresses to be blocked if there is any violation. Blocking can be done by time so that an IP/host will be blocked for 1h and after that can again access and of course - if there is violation again - blocks again this IP/host.

    Of packages forum there are some threads about snort and some really good threads and how-tos from user bmeeks how to use snort.

    You should have a lookt at this and reads the threads carefully to find what you need.