Ban Hosts of Dropped Flows implemented

[salvogs]

This PR resolve #5. If flow banned on port X, src_addr/dst_addr are added in blacklist ( with addresses parsed from config file).

[lucaderi]

I am afraid this PR does not address #5. This is because your check IMHO should be applied

• https://github.com/ntop/ipt_geofence/blob/main/NwInterface.cpp#L352
• https://github.com/ntop/ipt_geofence/blob/main/NwInterface.cpp#L361

Let me rephrase the need. Suppose you protect port 22 but you do not want to protect port 80 as it has to be open to everyone. If somebody has been blocked on port 22 you want also to block him on port 80. What needs to be done (and this is an open discussion) in order to become a honeypot is the following

• add another set (or use ! monitored ports) of ports to watch
• if somebody connects to such ports it is banned

We'll discuss this during the next lecture

[lucaderi]

I am afraid this PR does not address #5. This is because your check IMHO should be applied

• https://github.com/ntop/ipt_geofence/blob/main/NwInterface.cpp#L352
• https://github.com/ntop/ipt_geofence/blob/main/NwInterface.cpp#L361

Let me rephrase the need. Suppose you protect port 22 but you do not want to protect port 80 as it has to be open to everyone. If somebody has been blocked on port 22 you want also to block him on port 80. What needs to be done (and this is an open discussion) in order to become a honeypot is the following

• add another set (or use ! monitored ports) of ports to watch
• if somebody connects to such ports it is banned

We'll discuss this during the next lecture