Re: Intrusion Prevention Firewall

[Mikael Olsson <mikael.olsson () clavister com>]

"Berny Stapleton (Sydney Technology)" wrote:
> I think some attack signatures should be trusted, blatently 
> obvious ones like TCP/UDP scans from the same host. I think a 
> half hour ban on this type of traffic

Good idea. Block IPs that do TCP and UDP scans. [1]

Let's see now... I foresee a cloudy day with heavy UDP showers
from 198.41.0.4 interspersed with light TCP rain drifting
in from 128.9.0.107 and 192.33.4.12.

There is also a slight risk of bad weather in the general
vicinity of 203.7.199.11.

-- 
Mikael Olsson, Clavister AB
Storgatan 12, Box 393, SE-891 28 ÖRNSKÖLDSVIK, Sweden
Phone: +46 (0)660 29 92 00   Mobile: +46 (0)70 26 222 05
Fax: +46 (0)660 122 50       WWW: http://www.clavister.com

"And thus we retract the foreskin of ignorance and apply
 the wire brush of enlightenment" -- Geoff Miller.

[1] I'm not trying to make you feel bad for saying this before 
    thinking it through all the way; believe me. There are however 
    quite a few commercial boxes that actually do this. One would 
    think that they'd know better. &%#&%¤#%#
_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards