Hi!

Bernd Eckenfels wrote:
> 
> Well, if you see those packets either it is time to switch your ISP -or-
> check your configuration. If you would mind, you should send a description
> of your network layout and your filtering rules, so we can sort that out.
> 

Either the cracker took Sunday off, or Verio put a stop to it. If Verio put a stop to 
it, they have my sincerest apologies for the way I dissed them earlier. I was just too 
damn tired, but still, I shouldn't have been so damn knee-jerk about it. :(

The last packet to hit my box with my ISP's DNS IP address arrived last night.
[Mar  3 22:37:12 email kernel: Packet log: input DENY eth1 PROTO=6]

Thanks for the kind offer to review my setup, but I'm fairly certain that my setup is 
correct - over a million denied packets can't be wrong. [Watch me get rooted tomorrow.]

> 
> I'm using the stat program which is shipped with fwctl, you can also use
> professional webtrends diag programs or write your scripts yourself. I'm
> also using a reporter which is shipped with snort for IDS, but this is
> running only in the DMZ so I don't get all that denied stuff.
> 
> I think on my page http://www.freefire.org/ are a few tools for that.
> 

I'll stop by today.

>
> BTW: I consider it generally a bad idea to blackhole "cracker" IPs or
> "cracker" countries. This gives you a very false sense of security. Crackers
> can use hosts from nearly all networks all over the world, and you usually
> have those attacks coming from everywhere. Some more active "scanners" like
> @Home network are not really a security threat as long as your system is
> configured tight and recent. (if it is not, don't worry about blocking,
> repair your systems!)
> 

I can't help feeling the need for some type of rating scheme for ISPs similar to the 
number of bugs found in OS software. Not necessarily blocking the ISP, but a method to 
gauge their commitment to basic security.


Thanks again for all your help. I really appreciate it.