On Mon, 21 Feb 2000, Dave Harris wrote:
> Date: Mon, 21 Feb 2000 11:30:20 +1100
> From: Dave Harris <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED]
> Cc: [EMAIL PROTECTED], [EMAIL PROTECTED]
> Subject: Re: Packets not destined for my network -reply
>
> Ummm, thanks for the prompt reply but that's not what I really asked.
>
> Yes, we have troubleshooting procedures and intrusion detection. But I am not
> concerned about a possible
> security breach (in this case) as my FW denied these packets.
>
> I just wanted to know how packets arrived at my firewall destined for some
> other part of the world. (See below)
Top 5 choices:
0. Misconfigured route.
1. Poor routing by your ISP.
2. Source routing is allowed through your router.
3. Compromised router.
4. Software bug in the firewall code logging the wrong address.
> Thanks for the additional info but I don't really believe router ACLs etc.
> are really necessary in front of my firewall because the FW itself does it
> and it's unnecessary overhead.
It's called "Defense in depth", and it's a best common practice. On a
Cisco router, if it's an outbound filter rule on the internal interface,
the overhead is pretty much unmeasurable for any installation as small as
yours. However, since it appears that the "firewall" link is PPP, the ISP
could be hosting enough customers on that router to make it difficult for
them. Depending on their topology, the configuration issue is probably a
problem on their end.
At the *least* make sure ip directed broadcast and source routing are off
on the router. If you can sleep without filter rules there, you're a
heavier sleeper than I am.
Paul
-----------------------------------------------------------------------------
Paul D. Robertson "My statements in this message are personal opinions
[EMAIL PROTECTED] which may have no basis whatsoever in fact."
PSB#9280
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
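As an added illustration of the router hardening Paul describes (not part of either poster's message), the following Cisco IOS fragment turns off source routing and directed broadcasts and puts the filter rule on the internal interface as an outbound ACL, so that anything not addressed to the site's own block is dropped and logged before it reaches the firewall. The interface names and the 192.0.2.0/24 site prefix are assumed placeholders, not values from the thread.

```cisco
! Global: refuse IP packets carrying source-route options, so an
! outside party cannot steer traffic through this router by path.
no ip source-route

! External PPP link to the ISP (interface name is an assumption).
interface Serial0
 description Link to ISP
 encapsulation ppp
 ip address negotiated
 ! Never forward a packet whose destination is a subnet broadcast.
 no ip directed-broadcast

! Internal LAN toward the firewall (interface name is an assumption).
interface Ethernet0
 description Toward firewall
 ip address 192.0.2.1 255.255.255.0
 no ip directed-broadcast
 ! Outbound on the internal interface, as suggested in the reply:
 ! only traffic addressed to our own block may go toward the firewall.
 ip access-group 110 out

! 192.0.2.0/24 stands in for the site's real address block.
! Permit packets for our block; log and drop everything else so the
! "packets not destined for my network" question can be answered from
! the router log (misroute vs. ISP routing vs. compromise).
access-list 110 permit ip any 192.0.2.0 0.0.0.255
access-list 110 deny   ip any any log
```

The `log` keyword on the final entry records source, destination and protocol of each dropped packet, which is the evidence needed to decide which of the five causes listed above applies.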