"Mike Henry" <[EMAIL PROTECTED]> writes:
> I have found myself in charge of a firewall. I am familiar with the
> technical aspects of the firewall and security in general. What I don't
> know is what do you do about sites that are obviously snooping around and
> testing all the different ports on your system. Do you alert the sites
> about the activity? Do you ignore it since the firewall is denying access
> anyway?
It really depends on your personal taste. Usually you have tons
of "door knob twisting", portscans and other things like that,
which consume a little bit bandwidth and a little bit CPU power.
All in all these things don't hurt you.
If you start alerting the orginator it can be absoultely time
consuming and frustrating, because nothing happens and the
snooping continues.
My recommendation is: collect all this "attacks" for reference
purposes, just that you know what's going on, but concentrate
your work on more relevant subjects like hardening the different
systems and doing intrusion detection at places where no one
should hack except you :-)
have fun ...
--
===============================================================
Peter Bruderer mailto:[EMAIL PROTECTED]
Bruderer Research GmbH Tel ++41 52 620 26 53
IT Security Services Fax ++41 52 620 26 54
CH-8200 Schaffhausen http://www.bruderer-research.com
===============================================================
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
