Hi David, I don't think that first rule, deny * > RPC, should be necessary since everything is already denied inbound from the WAN unless it has already been opened in the state table from inside the LAN. The second rule could sure help if something in your LAN has somehow gotten infected. The question is, how could that happen? One possible answer that does not point to the SonicWALL could be the connection of laptops that are also connected to unprotected networks in other locations, such as when dialing up from remote locations or on an unprotected home network.
Darrell Shandrow - Shandrow Communications! Technology consultant/instructor, network/systems administrator! A+, CCNA, Network+! Check out high quality telecommunications services at http://ld.net/?nu7i All the best to coalition forces carrying out Operation Iraqi Freedom! ----- Original Message ----- From: "David McRell" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, August 13, 2003 8:57 PM Subject: Re: [SonicWALL]- Cache Full > OK. Now I've got rules. > > DENY * > WAN 'RPC Service' > DENY WAN > * 'RPC Service' > > Consider that my existing rules deny ALL incoming WAN connections except for > a few IPs and small ranges. Goes to show that was not an effective defense. > Now I realize that to deny all ports except the ones we need is impossible - > or is it? > > This Microsoft Windows might really catch on someday. :-) > > > > > on 8/11/2003 12:42 PM, David McRell at [EMAIL PROTECTED] wrote: > > > Hello, SW List. > > > > Has anyone seen this, yet? > > > > 'The cache is full; 3072 open connections; some will be dropped' > > > > > > I guess I'm wondering about new exploits. A PC running XP Pro was > > generating lots of outgoing connections to port 135 when this happened. The > > destination addresses all resided within 93.130.0.0/16. > > -- > David McRell > > --- > [This E-mail scanned for viruses by Declude/F-Prot AV] > > ============================================================================ ======================= > To unsubscribe, send email to [EMAIL PROTECTED] In the body of the email put the following: unsubscribe sonicwall your_name > The archive of this list is at http://www.mail-archive.com/sonicwall%40peake.com/ > --- [This E-mail scanned for viruses by Declude/F-Prot AV] =================================================================================================== To unsubscribe, send email to [EMAIL PROTECTED] In the body of the email put the following: unsubscribe sonicwall your_name The archive of this list is at http://www.mail-archive.com/sonicwall%40peake.com/
