Firewall Wizards mailing list archives
Re: screen and choke network config
From: Luca Berra <bluca () comedia it>
Date: Wed, 29 May 2002 08:05:50 +0200
On Tue, May 28, 2002 at 03:07:43PM -0400, Dave Piscitello wrote:
> I realized looking through my logs that I can save duplicate log entries if I packet filter annoying inbound TCP/UDP/ICMP types at the access router. Since all the firewalls will have a default deny all inbound policy (except the one firewall that allows http), I'd set the access router in an inverse manner to "allow anything but stuff I don't want duplicate log entries for". I wonder what beyond the following list you might add. These are the ports I most frequently see in my last 3 months' logs...
>
> 23 telnet
> 69 tftp
> 79 finger
> 111 sunrpc
> 137, 138, 139 msft noiseBOIS
> 161, 162 snmp, trap
> 194 irc
> 512-514 remote exec, login, shell
I'd add (from my firewall logs)

1080 socks
21 ftp
1433 ms-sql

--
Luca Berra -- bluca () comedia it
Communication Media & Services S.r.l.
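As an added example (not part of the original messages): a sketch of the log review described in this thread, tallying denied inbound packets by destination port and comparing them with the combined port list from both posts. The log format, the sample lines, the `min_hits` threshold and the function names are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Ports named in the thread: Dave's list plus Luca's additions.
SCREEN_PORTS = {23, 69, 79, 111, 137, 138, 139, 161, 162, 194,
                512, 513, 514, 1080, 21, 1433}

# Constructed sample lines in a hypothetical key=value firewall log format.
SAMPLE_LOG = """\
May 28 10:01:02 fw1 DENY proto=tcp src=198.51.100.7 dst=192.0.2.10 dport=23
May 28 10:01:09 fw1 DENY proto=tcp src=198.51.100.7 dst=192.0.2.11 dport=23
May 28 10:02:30 fw1 DENY proto=udp src=203.0.113.5 dst=192.0.2.10 dport=137
May 28 10:03:11 fw1 DENY proto=tcp src=203.0.113.9 dst=192.0.2.10 dport=1433
May 28 10:03:40 fw1 DENY proto=tcp src=203.0.113.9 dst=192.0.2.10 dport=1080
May 28 10:04:00 fw1 DENY proto=tcp src=198.51.100.20 dst=192.0.2.10 dport=6000
May 28 10:04:01 fw1 DENY proto=tcp src=198.51.100.20 dst=192.0.2.11 dport=6000
May 28 10:04:02 fw1 DENY proto=tcp src=198.51.100.20 dst=192.0.2.12 dport=6000
May 28 10:04:30 fw1 ALLOW proto=tcp src=198.51.100.30 dst=192.0.2.80 dport=80
May 28 10:05:00 fw1 DENY proto=tcp src=198.51.100.40 dst=192.0.2.10 dport=8080
May 28 10:05:10 fw1 DENY proto=tcp src=198.51.100.41 truncated
"""

DENY_RE = re.compile(r"\bDENY\b.*?\bproto=(\w+).*?\bdport=(\d+)")

def tally_denies(log_text):
    """Count DENY entries per (protocol, destination port); skip other lines."""
    counts = Counter()
    for line in log_text.splitlines():
        m = DENY_RE.search(line)
        if m:  # ALLOW lines and truncated entries do not match
            counts[(m.group(1).lower(), int(m.group(2)))] += 1
    return counts

def split_by_screen(counts, screen_ports=SCREEN_PORTS, min_hits=2):
    """Return (screened, candidates).

    screened:   DENY entries the router filter would absorb, i.e. log
                lines that would no longer be duplicated at the firewalls.
    candidates: frequent ports not yet on the list, busiest first.
    """
    screened = sum(n for (_, port), n in counts.items() if port in screen_ports)
    candidates = sorted(((n, proto, port) for (proto, port), n in counts.items()
                         if port not in screen_ports and n >= min_hits),
                        reverse=True)
    return screened, candidates

if __name__ == "__main__":
    print(split_by_screen(tally_denies(SAMPLE_LOG)))
```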