nanog mailing list archives
Re: Dynamic IP log retention = 0?
From: Valdis.Kletnieks () vt edu
Date: Thu, 12 Mar 2009 12:31:03 -0400
On Wed, 11 Mar 2009 07:53:01 -0800, Marcus Reid said:
A quick scan of the reverse mapping for your address space in DNS reveals that you have basically your entire network on public addresses. No wonder you're worried about portscans when the printer down the hall and the receptionists machine are sitting on public addresses. I think you are trying to secure your network from the wrong end here.
You *do* realize that "has a public address" does not actually mean that the machine is reachable from random addresses, right? There *are* these nice utilities called iptables and ipf - even Windows and Macs can be configured to say "bugger off" to unwanted traffic. And you can put a firewall appliance inline without using NAT as well.
Attachment:
_bin
Description:
Current thread:
- Re: Dynamic IP log retention = 0?, (continued)
- Re: Dynamic IP log retention = 0? William Allen Simpson (Mar 11)
- Re: Dynamic IP log retention = 0? Brett Charbeneau (Mar 11)
- Re: Dynamic IP log retention = 0? Marcus Reid (Mar 11)
- Re: Dynamic IP log retention = 0? Joe Abley (Mar 11)
- Re: Dynamic IP log retention = 0? Brett Charbeneau (Mar 11)
- Re: Dynamic IP log retention = 0? Joe Greco (Mar 11)
- Re: Dynamic IP log retention = 0? Mike Lewinski (Mar 11)
- Re: Dynamic IP log retention = 0? Peter Beckman (Mar 11)
- Re: Dynamic IP log retention = 0? Joe Greco (Mar 11)
- Re: Dynamic IP log retention = 0? William Herrin (Mar 11)
- Re: Dynamic IP log retention = 0? Brett Charbeneau (Mar 11)
- Re: Dynamic IP log retention = 0? Valdis . Kletnieks (Mar 12)
- Re: Dynamic IP log retention = 0? Mike Lewinski (Mar 12)
- Re: Dynamic IP log retention = 0? William Allen Simpson (Mar 11)
- Re: Dynamic IP log retention = 0? J. Oquendo (Mar 12)
- Re: Dynamic IP log retention = 0? William Allen Simpson (Mar 12)
- Re: Dynamic IP log retention = 0? Steven M. Bellovin (Mar 11)
- Re: Dynamic IP log retention = 0? Brett Watson (Mar 12)
- Re: Dynamic IP log retention = 0? JC Dill (Mar 12)
- Re: Dynamic IP log retention = 0? N. Yaakov Ziskind (Mar 12)