Re: A Question about FireWall logging




<carkaci@xxxxxxxxx> wrote in message
news:1143620311.437436.165310@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
In our company, we enable only the ACCEPTED packet logging (Cisco
firewall)? I wonder the advantage of deny or rejected packets logging
also, i.e. (full logging). Any idea? What type of analysis can be done
at that time?


I would think the ability to get a total picture of all traffic hitting the
FW that's being rejected. I particularly like to keep track or keep an eye
on remote IP(s), the same IP coming at the FW numerous times, and run analysis
reporting on how many times the same IP is coming at the FW by day, week and
month. I have not done it that often, maybe 3 or 4 times, that I have set a
rule on my WatchGuard that I denied specific IP(s) that were coming just a
little too hard, even if the unsolicited traffic was being rejected by the
FW. It's just me, but I don't like flying half blind and want to see all
aspects of what's happening from time to time.

Duane :)
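
The per-IP counting by day, week and month described in the reply above, as an added example that is not part of the original post. It assumes deny lines in the style of Cisco PIX/ASA syslog message 106023 with an ISO timestamp and hostname prepended by the log collector; the sample lines and addresses are constructed.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample lines (documentation address ranges). The leading
# timestamp and hostname are an assumed collector prefix, not Cisco output.
SAMPLE_LOG = """\
2006-03-27T02:11:05 fw1 %PIX-4-106023: Deny tcp src outside:203.0.113.9/4021 dst inside:192.0.2.10/445 by access-group "outside_in"
2006-03-27T02:11:09 fw1 %PIX-4-106023: Deny tcp src outside:203.0.113.9/4022 dst inside:192.0.2.10/139 by access-group "outside_in"
2006-03-28T14:40:51 fw1 %PIX-4-106023: Deny udp src outside:198.51.100.77/1026 dst inside:192.0.2.10/1434 by access-group "outside_in"
2006-03-29T08:02:17 fw1 %PIX-4-106023: Deny tcp src outside:203.0.113.9/4100 dst inside:192.0.2.11/22 by access-group "outside_in"
2006-03-29T08:02:18 fw1 %PIX-6-302013: Built inbound TCP connection 881 for outside:198.51.100.77/2000 (198.51.100.77/2000) to inside:192.0.2.10/80 (192.0.2.10/80)
2006-04-03T23:59:59 fw1 %PIX-4-106023: Deny tcp src outside:203.0.113.9/4999 dst inside:192.0.2.10/445 by access-group "outside_in"
"""

DENY_RE = re.compile(
    r"^(?P<ts>\S+)\s+\S+\s+%(?:PIX|ASA)-\d-106023: Deny \S+ "
    r"src [^:\s]+:(?P<src>[\d.]+)(?:/\d+)? dst [^:\s]+:[\d.]+(?:/(?P<dport>\d+))?"
)

def parse_denies(text):
    """Yield (datetime, source_ip, dest_port) per deny line; skip everything else."""
    for line in text.splitlines():
        m = DENY_RE.match(line)
        if m:
            yield datetime.fromisoformat(m["ts"]), m["src"], m["dport"]

def count_by_period(events):
    """Return day, ISO-week and month Counters keyed by (period, source_ip)."""
    day, week, month = Counter(), Counter(), Counter()
    for ts, src, _ in events:
        iso = ts.isocalendar()
        day[(ts.strftime("%Y-%m-%d"), src)] += 1
        week[(f"{iso[0]}-W{iso[1]:02d}", src)] += 1
        month[(ts.strftime("%Y-%m"), src)] += 1
    return day, week, month

def repeat_sources(counter, threshold):
    """Sources with at least `threshold` denies in one period, busiest first."""
    hits = [(p, src, n) for (p, src), n in counter.items() if n >= threshold]
    return sorted(hits, key=lambda h: (-h[2], h[0], h[1]))

if __name__ == "__main__":
    day, week, month = count_by_period(parse_denies(SAMPLE_LOG))
    for name, c in (("day", day), ("week", week), ("month", month)):
        for period, src, n in repeat_sources(c, threshold=2):
            print(f"{name:5} {period:10} {src:15} {n}")
```

With accepted-only logging none of these lines would exist, so the repeat source never shows up in any report.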

