Odd scans and stuff bouncing off firewalls
From: Nexus (nexus@patrol.i-way.co.uk)Date: 08/13/02
- Previous message: Robert Buckley: "RE: Subseven Scans"
- In reply to: Rob Keown: "FW: Subseven Scans"
- Next in thread: Steve Vawter: "RE: Odd scans and stuff bouncing off firewalls"
- Next in thread: Robert Buckley: "RE: Subseven Scans"
- Reply: Steve Vawter: "RE: Odd scans and stuff bouncing off firewalls"
- Reply: Craig Billado: "Re: Odd scans and stuff bouncing off firewalls"
- Reply: Greg A. Woods: "Re: Odd scans and stuff bouncing off firewalls"
- Reply: Edwards, David (JTS): "RE: Odd scans and stuff bouncing off firewalls"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Nexus" <nexus@patrol.i-way.co.uk> To: <incidents@securityfocus.com> Date: Tue, 13 Aug 2002 16:57:31 +0100
Just a quick straw poll to see if anyone has any hard data that supports the
logging and analysis of traffic that bounces off of filtering devices as
part of a business security plan ? Other than generating attack metrics to
wave under the noses of senior managment at budget time, is there any
definite _business_ requirement to have IDS sensors outside the firewall or
firewall "drop" logs et al regularly examined in the context of "external"
attack sources ?
"We defended against X bazillion hack attacks last year so we need a bigger
budget for more stuff.."
BableFish (H2G2 version) : "Tons of port scans and worms from non
accountable netblocks bounced off of the firewall"
I don't bother to chase anything from anywhere unless it makes it through
the filters because I could care less and it would IMHO purely be a time
sink and even then only if it's from a netblock that has a whois abuse@
entry. As I said, this is purely my own view, on my own network knowing
the sheer amount of background radiation on the internet, so I would
appreciate some other points of view.
Cheers.
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
- Previous message: Robert Buckley: "RE: Subseven Scans"
- In reply to: Rob Keown: "FW: Subseven Scans"
- Next in thread: Steve Vawter: "RE: Odd scans and stuff bouncing off firewalls"
- Next in thread: Robert Buckley: "RE: Subseven Scans"
- Reply: Steve Vawter: "RE: Odd scans and stuff bouncing off firewalls"
- Reply: Craig Billado: "Re: Odd scans and stuff bouncing off firewalls"
- Reply: Greg A. Woods: "Re: Odd scans and stuff bouncing off firewalls"
- Reply: Edwards, David (JTS): "RE: Odd scans and stuff bouncing off firewalls"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
