Dynamic response to Intrusion Prevention detection
UTM already knows how to block IPs that perform port scanning: why not also block attackers as soon as Intrusion Prevention detects them? (This way, unknown attack packets are also dropped immediately.) I noticed detections are very often of only 4 or 5 types, but I rule out that exploiting tools try only 5 types. The IP should be banned for a customizable timeout ... like 5 minutes to 4 hours: if the attacked IP (or firewalled IP range) doesn't answer, they surely go elsewhere. Thank you
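The behaviour requested above, as an added example (not part of the original post and not UTM's own code): a ban table that blocks a source for a configurable timeout, clamped to the 5 minutes to 4 hours range, once an intrusion-prevention alert names it. The alert line format, `parse_alert`, `BanTable`, `feed` and the allowlist are assumptions made for the illustration.

```python
import ipaddress
import re

MIN_BAN, MAX_BAN = 5 * 60, 4 * 3600  # timeout range suggested in the post, in seconds
# Constructed alert format (an assumption, not the UTM's real log layout).
ALERT_RE = re.compile(r'^(?P<ts>\d+) ips-alert src=(?P<src>\S+) dst=\S+ sig="[^"]*"$')
SAMPLE_LOG = [  # constructed sample lines using documentation address ranges
    '1000 ips-alert src=203.0.113.7 dst=192.0.2.10 sig="constructed signature A"',
    '1010 ips-alert src=198.51.100.4 dst=192.0.2.10 sig="constructed signature B"',
    '1020 ips-alert src=10.0.0.5 dst=192.0.2.10 sig="constructed signature A"',
    '1030 malformed line',
]

def parse_alert(line):
    """Return (timestamp, source address) for an alert line, or None."""
    m = ALERT_RE.match(line)
    if not m:
        return None
    try:
        return int(m["ts"]), ipaddress.ip_address(m["src"])
    except ValueError:  # src field was not a valid IP address
        return None

class BanTable:
    def __init__(self, timeout, allowlist=()):
        self.timeout = max(MIN_BAN, min(MAX_BAN, timeout))  # clamp to allowed range
        self.allow = [ipaddress.ip_network(n) for n in allowlist]
        self.expiry = {}  # source address -> time at which its ban ends

    def on_alert(self, ts, src):
        # Never ban allowlisted ranges: a spoofed source must not lock out own hosts.
        if any(src in net for net in self.allow):
            return False
        self.expiry[src] = ts + self.timeout  # a repeat alert extends the ban
        return True

    def is_banned(self, src, now):
        src = ipaddress.ip_address(src)
        end = self.expiry.get(src)
        if end is None or now >= end:
            self.expiry.pop(src, None)  # drop expired entries lazily
            return False
        return True

def feed(table, lines):
    """Apply every parsable alert to the table; return the sources newly banned."""
    alerts = (parse_alert(line) for line in lines)
    return [str(a[1]) for a in alerts if a and table.on_alert(*a)]
```

In a packet path, `is_banned` would be consulted before any further inspection, so traffic from a banned source is dropped whether or not it matches a known signature.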
