> How can we detect such attacks? I get messages from time to time
>about IPX requests from the internet, as well as certain cgi-bin web
>requets that were unsavory.
a packet-sniffing router is a good place to start. for the non-techs,
that's a machine which stands between your server and the internet,
checking each chunk of data is it arrives at your network. the port
number is built into the packet's delivery information, and a packet filter
decides which packets it does and doesn't want to forward to the server.
at any event, a packet sniffer will record every TCP and UDP session (a
series of packets going both directions) and keep track of the ports in
their addresses. most commercial firewalls are designed to get downright
testy if they see a series of requests from the same source for a whole
bunch of different ports. in many cases, they'll forbid any connections
from that location at all, whether the port is normally open or not, and
start yelling for human assistance.
mike stone <[EMAIL PROTECTED]> 'net geek..
been there, done that, have network, will travel.
____________________________________________________________________
--------------------------------------------------------------------
Join The Web Consultants Association : Register on our web site Now
Web Consultants Web Site : http://just4u.com/webconsultants
If you lose the instructions All subscription/unsubscribing can be done
directly from our website for all our lists.
---------------------------------------------------------------------
