[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW1] Logging question
Your fw is doing a what you hired it to do. Depending on how you feel about knowing who's knocking on the door, you could block them at your outside router(ingress filtering). Since the RFC1918 was set aside for private networks, these really shouldn't be showing up at your door. But as we know, they do. With proper filtering, you can stop these and the outbound ones(egress filtering). Some documents to check would be: http://www.sans.org/y2k/egress.htm http://www.sans.org/dosstep/cisco_spoof.htm http://www.cisco.com/warp/public/105/42.html http://www.cisco.com/warp/customer/707/21.html There's tons more out there, but these help you get started. Robert - - Robert P. MacDonald, Network Engineer Team Lead, e-Business Infrastructure G o r d o n F o o d S e r v i c e Voice:email: [email protected] >>> "Hoang" <[email protected]> 11/16/00 11:05:31 AM >>> > >Lately, I've noticed from the log that I got a lot of drop records >generating from 192.168.27.x to my FW external interface. The 192.168.27.x >network is a private class C, and it is not part of my internal network. >The ports are 9960, 15994, 17600, etc.. All high ports. Can anyone give >some insight on this? > >Thanks >Hoang ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|