> My reaction is that it is better to try and stop it at both the router and
> the firewall, along with an alarm on the firewall that if it sees any of
> this it means that the router has been hacked, but I would like to get
> some additional feedback on this.

You are correct and my opinion of the "consultant" with whom you are
speaking is not very high.  If you know for a fact that there is a limited
number of allowed protocols or source IPs, then it only makes sense to
configure the router to screen out everything else.  The ONLY possible
reason one might not want to do this is when you want to have your
intrusion detection going off all day long at every possible bad attempt.

Screen what you can, then let any firewall/intrusion detection you are using
focus on the traffic that makes it through the screen.  Screens have become
somewhat of a "bad" word these days, it seems.  Just because a screening
router itself doesn't provide adequate protection for most business uses
doesn't mean that a screen doesn't have its place.

As for detecting people knocking on the outside of the screen with
disallowed protocols and such, why would one really care?  Just like a
screen on my window at home, I really don't care about the bugs that are
crawling around on the outside of it.  I'm only concerned about a bug that
can get through the screen into the house.
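The alarm the original poster describes (the firewall should never see traffic the screening router is supposed to drop, so any such traffic means the screen is gone) can be checked mechanically. The following is an added example, not code from either poster: it encodes a hypothetical router allow-list and runs constructed firewall log lines through it, flagging every event the router should have screened out regardless of what the firewall itself decided. The key=value log format, the allow-list entries and the addresses (RFC 5737 documentation ranges) are all assumptions for illustration.

```python
"""Alarm on firewall-seen traffic that the screening router should have dropped."""
from __future__ import annotations

import ipaddress
import re
from dataclasses import dataclass

# Hypothetical router screen: only these (protocol, source network, dest port)
# combinations are permitted through the router. Anything else should never
# reach the firewall at all. (Constructed for this example.)
ROUTER_ALLOW = [
    ("tcp", ipaddress.ip_network("203.0.113.0/24"), 443),  # example partner network
    ("tcp", ipaddress.ip_network("198.51.100.0/24"), 25),  # example mail relay network
    ("udp", ipaddress.ip_network("198.51.100.5/32"), 53),  # example DNS resolver
]

# Constructed firewall log lines in an assumed key=value format (not any real
# product's syntax). Lines 2 and 4 carry traffic the router should have screened.
SAMPLE_LOG = """\
ts=2024-05-01T10:00:01 action=accept proto=tcp src=203.0.113.7 dst=192.0.2.10 dport=443
ts=2024-05-01T10:00:02 action=drop proto=tcp src=192.0.2.200 dst=192.0.2.10 dport=23
ts=2024-05-01T10:00:03 action=accept proto=udp src=198.51.100.5 dst=192.0.2.10 dport=53
ts=2024-05-01T10:00:04 action=drop proto=icmp src=203.0.113.7 dst=192.0.2.10 dport=0
ts=2024-05-01T10:00:05 action=accept proto=tcp src=198.51.100.9 dst=192.0.2.10 dport=25
"""

LINE_RE = re.compile(
    r"ts=(\S+) action=(\S+) proto=(\S+) src=(\S+) dst=(\S+) dport=(\d+)"
)


@dataclass(frozen=True)
class Event:
    ts: str
    action: str   # the firewall's own verdict, kept only for the alarm message
    proto: str
    src: ipaddress.IPv4Address | ipaddress.IPv6Address
    dst: str
    dport: int


def parse_line(line: str) -> Event | None:
    """Parse one log line; return None for lines that do not match the format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, action, proto, src, dst, dport = m.groups()
    return Event(ts, action, proto.lower(), ipaddress.ip_address(src), dst, int(dport))


def router_should_pass(event: Event) -> bool:
    """True if the router screen permits this flow to reach the firewall."""
    return any(
        event.proto == proto and event.src in net and event.dport == dport
        for proto, net, dport in ROUTER_ALLOW
    )


def find_screen_bypass(log_text: str) -> list[Event]:
    """Events the firewall saw that the router should already have dropped.

    Whether the firewall accepted or dropped them is irrelevant to the alarm:
    their mere presence means the screen is not in effect (router compromised,
    misconfigured, or bypassed).
    """
    events = (parse_line(line) for line in log_text.splitlines() if line.strip())
    return [e for e in events if e is not None and not router_should_pass(e)]


if __name__ == "__main__":
    for e in find_screen_bypass(SAMPLE_LOG):
        print(f"ALARM router screen bypassed: {e.ts} {e.proto} "
              f"{e.src}->{e.dst}:{e.dport} (firewall verdict: {e.action})")
```

Running the block prints two alarms, one for the telnet attempt from an unlisted source and one for the ICMP from a listed source using an unlisted protocol. The second case is the one worth noting: a firewall rule that only keys on source address would have been silent, which is why the alarm compares against the router's full (protocol, source, port) screen rather than the firewall's own policy.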