Date: Tue, 28 Mar 2000 08:18:13 -0600
From: Richard Martin <dmartin@origen.com>
To: John Fitzgibbon <fitz@jfitz.com>
Cc: keramida@ceid.upatras.gr, freebsd-security@FreeBSD.ORG
Subject: Re: Publishing Firewall Logs
Message-ID: <38E0BF25.12B112C5@origen.com>
References: <003801bf9688$87418540$040ba8c0@fitz> <20000326161722.A5903@hades.hell.gr> <001701bf9777$9481cc20$040ba8c0@fitz>

Just a postscript here on a different thought. My question is on the usefulness of the information in the logs.

We log most of the deny packets on our firewalls and these are reviewed frequently. We run down the more serious-looking ones, and I must say that in my experience about 60% of the scans that we get are from bogus IPs. Some are also quite clever, using unused IP addresses in our network.

Until there is a more global use of outbound packet checking by ISPs, I am afraid that a lot of people may just be filling up their hosts.allow file with chaff. I would likewise bet the information in the logs contains a lot of spoofed IPs.

--
Richard Martin
dmartin@origen.com

OriGen, inc.
2525 Hartford Rd.
Austin, TX 78703
Tel: +1 512 474 7278
Fax: +1 512 708 8522

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message