Firewall Wizards mailing list archives

Re: screen and choke network config


From: Luca Berra <bluca () comedia it>
Date: Wed, 29 May 2002 08:05:50 +0200

On Tue, May 28, 2002 at 03:07:43PM -0400, Dave Piscitello wrote:
> I realized looking through my logs that I can save duplicate log
> entries if I packet filter annoying inbound TCP/UDP/ICMP types
> at the access router. Since all the firewalls will have a default
> deny all inbound policy (except the one firewall that allows http),
> I'd set the access router in an inverse manner
> to "allow anything but stuff I don't want duplicate log entries for".
>
> I wonder what beyond the following list you might add. These
> are the ports I most frequently see in my last 3 months' logs...
>
> 23 telnet
> 69 tftp
> 79 finger
> 111 sunrpc
> 137, 138, 139 msft noiseBOIS
> 161, 162 snmp, trap
> 194 irc
> 512-514 remote exec, login, shell
I'd add (from my firewall logs)
1080 socks
21   ftp
1433 ms-sql

-- 
Luca Berra -- bluca () comedia it
        Communication Media & Services S.r.l.
 /"\
 \ /     ASCII RIBBON CAMPAIGN
  X        AGAINST HTML MAIL
 / \
_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards
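One way to derive such a list from the logs rather than by eye, as an added example that is not part of this thread: a Python script that tallies denied inbound TCP/UDP ports from a constructed, simplified deny-log format, ranks them, and flags any that the thread's combined port list does not yet cover. The log format and the sample lines are assumptions made for the example.

```python
"""Tally the inbound ports that dominate firewall deny logs, to decide what
to drop upstream at the access router (added example, not from the thread)."""
import re
from collections import Counter

# Ports already proposed in the thread (Dave's list plus Luca's additions).
THREAD_PORTS = {23, 69, 79, 111, 137, 138, 139, 161, 162, 194,
                512, 513, 514, 1080, 21, 1433}

# Constructed sample of deny-log lines in an assumed simplified format.
SAMPLE_LOG = """\
May 28 14:01:02 fw1 DENY TCP 203.0.113.5:4021 -> 192.0.2.10:23
May 28 14:01:05 fw1 DENY UDP 203.0.113.9:1030 -> 192.0.2.10:137
May 28 14:01:07 fw1 DENY TCP 203.0.113.5:4022 -> 192.0.2.10:23
May 28 14:01:09 fw1 DENY TCP 198.51.100.7:3321 -> 192.0.2.11:1433
May 28 14:01:11 fw1 DENY UDP 203.0.113.9:1031 -> 192.0.2.10:137
May 28 14:01:12 fw1 DENY TCP 198.51.100.7:3322 -> 192.0.2.11:1433
May 28 14:01:15 fw1 DENY TCP 198.51.100.8:2001 -> 192.0.2.10:22
May 28 14:01:16 fw1 DENY TCP 198.51.100.8:2002 -> 192.0.2.10:22
May 28 14:01:17 fw1 DENY TCP 198.51.100.8:2003 -> 192.0.2.10:22
May 28 14:01:20 fw1 ACCEPT TCP 198.51.100.9:5001 -> 192.0.2.12:80
May 28 14:01:21 fw1 DENY ICMP 203.0.113.5 -> 192.0.2.10 type 8
"""

LINE_RE = re.compile(
    r"DENY (?P<proto>TCP|UDP) (?P<src>[\d.]+):(?P<sport>\d+) -> "
    r"(?P<dst>[\d.]+):(?P<dport>\d+)"
)

def tally_denied_ports(log_text):
    """Count denied inbound flows per (proto, destination port).
    ACCEPT lines and ICMP (no port) are skipped on purpose: the goal is the
    port numbers that keep refilling every firewall's log."""
    counts = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            counts[(m["proto"], int(m["dport"]))] += 1
    return counts

def candidate_router_filters(log_text, min_hits=2):
    """Return [(proto, port, hits)] for ports denied at least min_hits times,
    busiest first; dropping these at the access router stops each firewall
    behind it from logging the same noise."""
    counts = tally_denied_ports(log_text)
    ranked = sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))
    return [(p, port, n) for (p, port), n in ranked if n >= min_hits]

def not_yet_in_thread(log_text, min_hits=2):
    """Candidates that the thread's port list does not already cover."""
    return [(p, port, n) for p, port, n in candidate_router_filters(log_text, min_hits)
            if port not in THREAD_PORTS]

if __name__ == "__main__":
    for proto, port, hits in candidate_router_filters(SAMPLE_LOG):
        print(f"{proto} {port}: {hits} denies")
```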