Date:      Tue, 28 Mar 2000 11:37:20 -0600 (CST)
From:      James Wyatt <jwyatt@rwsystems.net>
To:        Richard Martin <dmartin@origen.com>
Cc:        John Fitzgibbon <fitz@jfitz.com>, keramida@ceid.upatras.gr, freebsd-security@FreeBSD.ORG
Subject:   Re: Publishing Firewall Logs
Message-ID:  <Pine.BSF.4.10.10003281134020.49234-100000@bsdie.rwsystems.net>
In-Reply-To: <38E0BF25.12B112C5@origen.com>

On Tue, 28 Mar 2000, Richard Martin wrote:
	[ ... ]
> frequently. We run down the more serious looking ones, and I must say that in
> my experience about 60% of the scans that we get are from bogus IPs. Some are
> also quite clever, using unused IP addresses in our network. Until there is a
> more global use of outbound packet checking by ISPs, I am afraid that a lot of
> people may just be filling up their hosts.allow file with chaff. 
> 
> I would likewise bet the information in the logs contains a lot of spoofed
> IPs.

Thus you are providing a test anvil for their learning packet forging and
knowing what makes it past your router filters into your host filters.

That said, I've been thinking about making our logs viewable as well. It
is a good training tool for my customers to see what they should expect.

My 2 bits, literally - Jy@


