We're a website and server hosting company, and the firewall protects our internal
network. Filtering at the border router affects all customers, and it has to be
pretty bad before we will take that action. We have taken that action in the past
though, and are approaching that point with this company.
-Michele
"Paul D. Robertson" wrote:
> On Fri, 7 Jul 2000, Michele M. Jordan wrote:
>
> > firewall log entries to help. There's one company "mapping the
> > Internet" that I've notified several times, at increasing levels of
> > hostility. They just apologize for any inconvenience, but then the
> > next day is another scan.....
>
> Just curious here:
>
> Why wouldn't you just filter the scanning network out on the border
> router? I've always been a big fan of dropping all the silly stuff up
> front without logging it and putting logging filters and firewalls behind
> the outside screening routers. It's sure better than cluttering up logs,
> and if something goes through the first screen, it's really worth the
> effort to start calling people and rattling cages.
>
> FWIW, there may be some utility in having a formal written policy (esp.
> should you have to dismiss an internal employee for violating a policy)--
> just make sure that the written policy allows "judgement calls."
>
> Paul
> -----------------------------------------------------------------------------
> Paul D. Robertson "My statements in this message are personal opinions
> [EMAIL PROTECTED] which may have no basis whatsoever in fact."
> PSB#9280
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
