On Fri, 7 Jul 2000, Michele M. Jordan wrote:

> firewall log entries to help.  There's one company "mapping the
> Internet" that I've notified several times, at increasing levels of
> hostility.  They just apologize for any inconvenience, but then the
> next day is another scan.....

Just curious here:

Why wouldn't you just filter the scanning network out on the border
router?  I've always been a big fan of dropping all the silly stuff up
front without logging it and putting logging filters and firewalls behind
the outside screening routers.  It's sure better than cluttering up logs,
and if something goes through the first screen, it's really worth the
effort to start calling people and rattling cages.

FWIW, there may be some utility in having a formal written policy (esp.
should you have to dismiss an internal employee for violating a policy)--
just make sure that the written policy allows "judgement calls."

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
[EMAIL PROTECTED]      which may have no basis whatsoever in fact."
                                                                     PSB#9280
