Re: Intruder alerts: from my ISP????
From: David (davidwnh_at_adelphia.net)
Date: 11/25/03
- Next message: Alastair Smeaton: "Re: mysterious cable modem activity"
- Previous message: Giles Harney: "Re: mysterious cable modem activity"
- In reply to: Fanchon: "Re: Intruder alerts: from my ISP????"
- Next in thread: Joseph V. Morris: "Re: Intruder alerts: from my ISP????"
- Reply: Joseph V. Morris: "Re: Intruder alerts: from my ISP????"
Date: Tue, 25 Nov 2003 19:41:26 GMT
Allow it from only the specific server(s) and not blocks of your ISP's
addresses if possible. Many broadcast DOS attacks will come from botted
machines on your local subnets, so be as specific as possible. If you
can't get specific on IP addresses, get as specific as possible and add
port numbers for DHCP to your rules. Not sure what NIS allows for but
the more specific you can be the less you will be allowing to slip by.
Many of these personal firewalls don't allow for fine-grained packet
filtering rules, but have simple checkboxes for things like DHCP. If you
have something already configured pertaining to this, maybe NIS has a
configuration entry to block broadcast traffic and it is incorrectly
giving this preference over anything it has set for DHCP.
>> Bear in mind that just because your software firewall labels traffic as
>>an intrusion, doesn't mean it's malicious. It labels all traffic it is told
>>to block as an intrusion. Most of it is valid network traffic.
>
>
>
> I agree 100%! I am also not willing to open my computer to attacks
> and this is why I was asking for more information.
>
> I think I have figured out that for NIS the trigger is the
> 255.255.255.255 address.
>
> I am going to allow local address of 255.255.255.255 from my ISP only.
> Now I have to figure out how to tell that to NIS2003! If I can't, I'll
> be back... <S>
>
> Thanks to all of you.
>
> Francoise
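
An added illustration of the advice in the reply above (not code from the thread, and not NIS rule syntax): a small first-match rule evaluator comparing a rule that allows a whole ISP block with one that allows only the DHCP server on the DHCP ports. The addresses are constructed from documentation ranges, and the rule fields are hypothetical; DHCP server replies go from UDP port 67 to client port 68.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    sport: int
    dport: int

@dataclass(frozen=True)
class Rule:
    action: str                    # "allow" or "block"
    src_net: str                   # CIDR the source must fall in
    dst: Optional[str] = None      # None means "any"
    proto: Optional[str] = None
    sport: Optional[int] = None
    dport: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        in_net = ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src_net)
        return (in_net
                and self.dst in (None, p.dst)
                and self.proto in (None, p.proto)
                and self.sport in (None, p.sport)
                and self.dport in (None, p.dport))

def decide(rules, p, default="block"):
    """First matching rule wins; anything unmatched is blocked."""
    for r in rules:
        if r.matches(p):
            return r.action
    return default

# Broad: trust the whole (constructed) ISP block, any protocol or port.
BROAD = [Rule("allow", "192.0.2.0/24")]
# Specific: only the DHCP server, only its broadcast replies on UDP 67 -> 68.
SPECIFIC = [Rule("allow", "192.0.2.1/32", dst="255.255.255.255",
                 proto="udp", sport=67, dport=68)]

# Constructed sample traffic.
DHCP_REPLY = Packet("192.0.2.1", "255.255.255.255", "udp", 67, 68)
NEIGHBOR_BROADCAST = Packet("192.0.2.77", "255.255.255.255", "udp", 40000, 9999)
SERVER_OTHER_PORT = Packet("192.0.2.1", "255.255.255.255", "udp", 67, 9999)

def compare():
    """Return {packet_name: (broad_decision, specific_decision)}."""
    samples = {"dhcp_reply": DHCP_REPLY, "neighbor_broadcast": NEIGHBOR_BROADCAST,
               "server_other_port": SERVER_OTHER_PORT}
    return {n: (decide(BROAD, p), decide(SPECIFIC, p)) for n, p in samples.items()}
```

With the broad rule, the broadcast from another machine in the same address block is allowed along with the DHCP reply; with the specific rule only the DHCP reply passes.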