Date: Sat, 25 Mar 2000 10:31:10 -0800 From: "John Fitzgibbon" <fitz@jfitz.com> To: <freebsd-security@FreeBSD.org> Subject: Publishing Firewall Logs Message-ID: <003801bf9688$87418540$040ba8c0@fitz>
next in thread | raw e-mail | index | archive | help
I decided to start publishing my firewall logs on the web http://63.194.217.126/logs/ My thinking is that to identify the root, (excuse the pun), source of distributed attacks, administrators need access to a broad set of logs. If you can identify IP addresses that were banging on a lot of doors, (or banging on a particular door), prior to an attack, you should be able to narrow the search. My firewall box doesn't have anything much running on it and I don't use it to store anything sensitive, so I thought, "why not make the logs available?". I'm aware of the obvious counter-argument that any information you make available creates a risk. This is basically what I'm looking for feedback on -- Is this information useful? Is this a dumb idea? What specific vulnerabilities am I creating? John Fitzgibbon. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?003801bf9688$87418540$040ba8c0>