OK, so thanks to all of you helping me along we now have some semblance of this:

    border_router <--> firewall <--> internal_router <--> intranet

along with a DMZ on a spare firewall NIC. On the DMZ there is an "internet appliance" that can be wasted (if someone gets in) and I'll just call CDW and order another one, no big deal. It's a great system, and we're real happy.

So we get logging of some form out of the border_router, which is directly connected (via a cable) to a W9x box running Kiwi's SYSLOGD "daemon". (Hey, it works, and the price was right.) And I'm speechless - which for me is *very* rare - by how many hits we take all day. Whether they're actual intrusions or finger checks is beyond me, as the logrec creation software is a bit vague on that. All I know is, it spits out records, and SYSLOGD shows them to me.

What I'd like to do is impinge on all you fine people *just a bit more* (again, I'm real grateful for having this setup in place, Thank You all again for your advice).

Do you think that running some type of IDS, like NFR, is of benefit here? I mean, at the present time, the Board doesn't seem inclined to pursue what we're seeing on SYSLOGD. Wouldn't an IDS - I mean, a *serious*, dedicated, "real hardcore not add-on frill" IDS generate information overkill? Or is it good to have the info "in your back pocket" even if we don't act on it?

Without asking anyone to breach a confidence, and while respecting everyone's right to privacy, I would like to ask - what do you guys do with IDS-type output? File it away for future litigation? Analyze it for trends? Buy stock in the companies that break in? <g>

I can't imagine someone calling the Feds for all of these hits I see on SYSLOGD. Sheesh, you'd have to have a full-time case officer or something. This is amazing!

Anyway, Thank You all.

Yvette

-----------------------------------------------------------------------
Miss Yvette Seifert Hirth, CCP, CDP    Voice: (847) 263 6800
The DBT Group, Inc.                    Fax:   (847) 263 6801
176 Ambrogio Drive                     Email: [EMAIL PROTECTED]
Gurnee, IL 60031                       WWW:   http://www.dbtgroup.com

"The problem with the gene pool is that there's no lifeguard." --Anon
