Security Incidents mailing list archives
Odd scans and stuff bouncing off firewalls
From: "Nexus" <nexus () patrol i-way co uk>
Date: Tue, 13 Aug 2002 16:57:31 +0100
Just a quick straw poll to see if anyone has any hard data that supports the logging and analysis of traffic that bounces off of filtering devices as part of a business security plan ? Other than generating attack metrics to wave under the noses of senior managment at budget time, is there any definite _business_ requirement to have IDS sensors outside the firewall or firewall "drop" logs et al regularly examined in the context of "external" attack sources ? "We defended against X bazillion hack attacks last year so we need a bigger budget for more stuff.." BableFish (H2G2 version) : "Tons of port scans and worms from non accountable netblocks bounced off of the firewall" I don't bother to chase anything from anywhere unless it makes it through the filters because I could care less and it would IMHO purely be a time sink and even then only if it's from a netblock that has a whois abuse@ entry. As I said, this is purely my own view, on my own network knowing the sheer amount of background radiation on the internet, so I would appreciate some other points of view. Cheers. ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- Re: Subseven Scans, (continued)
- Re: Subseven Scans Baribault, Gary (Aug 12)
- Re: Subseven Scans H C (Aug 13)
- Re: Subseven Scans Ben Lambrey (Aug 12)
- Re[2]: Subseven Scans Preston Kutzner (Aug 12)
- Re: Subseven Scans H C (Aug 12)
- RE: Subseven Scans Rob Keown (Aug 12)
- Re: Subseven Scans Gene Yoo (Aug 12)
- RE: Subseven Scans Rob Keown (Aug 12)
- RE: Subseven Scans H C (Aug 12)
- FW: Subseven Scans Rob Keown (Aug 13)
- Odd scans and stuff bouncing off firewalls Nexus (Aug 13)
- Re: Odd scans and stuff bouncing off firewalls Greg A. Woods (Aug 13)
- Odd scans and stuff bouncing off firewalls Nexus (Aug 13)
- RE: Subseven Scans Robert Buckley (Aug 13)
- RE: Subseven Scans H C (Aug 13)
- RE: Subseven Scans Robert Buckley (Aug 14)
- RE: Subseven Scans H C (Aug 14)
- RE: Subseven Scans Robert Buckley (Aug 15)