Personally, I'm against doing anything about tickles on the _outside_ of the
router / firewall. Sometimes I log it, for my own interest, but often not
even that.
The rationale - the attacks are going to go anywhere and they're mostly
coming from spoofed / compromised systems anyway. If one were to chase them
all up, especially at a large site, one would acheive nothing and waste many
hours a week.
Intrusion Detection and Logging are vital. However, I'd save it for the
places where you _don't_ expect people to be sniffing around.
Cheers,
--
Ben Nagy
Network Consultant, Volante IT
PGP Key ID: 0x1A86E304 Mobile: +61 414 411 520
> -----Original Message-----
> From: Mike Henry [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, 26 July 2000 7:55 AM
> To: [EMAIL PROTECTED]
> Subject: Basic Admin Question
>
>
> I have found myself in charge of a firewall. I am familiar with the
> technical aspects of the firewall and security in general.
> What I don't
> know is what do you do about sites that are obviously
> snooping around and
> testing all the different ports on your system. Do you alert
> the sites
> about the activity? Do you ignore it since the firewall is
> denying access
> anyway?
>
>
> Thanks,
> Mike
> ______________________________________________________________
> __________
> Get Your Private, Free E-mail from MSN Hotmail at
http://www.hotmail.com
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
