My method of attack, is that I Lock everything up tight.. and open things as required.. such as www, or the domain (though what the frick does bind think it's doing with using both 53 and every IP > 1024.. So if anyone knows of a way to change bind (or in one of our servers MS DNS Service), it would be helpful. The next thing I do, is I have another host, which looks rather insecure (such as running a Win box using Nukenabber, or a simple daemon that listens for connections, logs connections does all kinds of checks and closes the socket such things to do is Double DNS checks DNS Check Revese DNS Check to verify it's not a spoof.. etc etc etc.. This is useful to detect for network scans such as Netbus or BO scans.. it's simple way to detect for these scans.. (umm inetd can do this as well, though, which I am in the process of moving this into this purpose, over my NT Box) Other then that the FW is our bastionhost, it withstands most, though it needs some changes in it's kernel, but I have to wait, for updates.. Jason - [To unsubscribe, send mail to [EMAIL PROTECTED] with "unsubscribe firewalls" in the body of the message.]
