Irony,

I have no comment about the NetScreen or WatchGuard decision. But regarding the overall design I have to ask, "why?". Is this your personal Internet or a corporate connection?

So you are seeing "a lot of attacks from Russia and Japan"; are those attacks or just random probing of your network address space? By implementing a HoneyPot you are pretty much guaranteeing that probes and possible attacks will continue, if not increase in frequency. So these intrusions will soak up more and more of your Internet bandwidth. Are you sure you want to do that to your company's Internet connection?

Many of the folks out there doing HoneyPot research WHO KNOW WHAT THEY ARE DOING are establishing new Internet connections, separate from their corporate connection, to host the honey pot. Remember, the HoneyPot draws interest and draws them away from other connections.

I think your intent is good, but instead of wasting bandwidth on a honeypot you should work with your provider to classify this traffic, build better filters and knock this traffic down before or as it arrives at your Internet connection.

Just my $0.02.

Regards,
Brian

>Date: Mon, 26 Mar 2001 09:28:10 -0500
>From: "Irony" <[EMAIL PROTECTED]>
>Subject: Netscreen or Watchguard Firebox
>
>Anyone had any experience with either Netscreen or Watchguard Firebox?
>And does my design appear acceptable?
>
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
>
>I am recently seeing a lot of attacks from Russia and Japan on my
>Gauntlet for NT v5.5. I am not at all comfortable that I am getting the
>right degree of protection. I am thinking about doing the following:
>
>Internet -->Router--->Firewall A----->HoneyPot----->Gauntlet----->IDS--->Internal Network
>
>Will this work and does it make sense?
>
>I am looking for suggestions for Firewall A. I cannot afford CheckPoint.
>
>Thank You
