[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: [FW1] WebSite being Hacked!!!
Title: RE: [FW1] WebSite being Hacked!!! In reference to the ICMP stateful inspection, you can actually leave it running and not have the 'Accept ICMP' implied rule be a hindrance. Just check that implied rule to be active, BUT make sure you select 'Last.' This will place it after your cleanup rule, so in theory nothing will ever get to it, yet at the same time the ICMP stateful inspection is still running. Jarrett -----Original Message-----
As to the how to stop port scanning:
2. Configure CPMAD to send an e-mails to you (be careful with this you get a lot of e-mails) or browse your wf log daily.If you see that you're being scanned then you can issue 'fw sam -i src <ip_address_you_wanna_block)' This way scanning connection is rejected.It is better then nothing but the disadvantage is that when fw sam rejects conenction it actually sends RST packet which sayes 'I'm firewall and I'm blocking you' - not very good.If you want sam to drop connections insted of reject the go to the $FWDIR/lib and edit code.def file - replace 'reject' with 'drop'. Checkpoint states that in this case no TCP/IP communication will take place between blocked address and your firewall. 3.If you have 'long scans' that longs days and you don't want you fw log be overflooded with entries then place the entry on Access list of the router and block the scanning address- on the router. >>> "Felix" <[email protected]> 05/30/01 09:51AM >>> Hi, all: one of my web server (IIS4.0 on NT 4.0 SP6a) which is behind my FW1-4.1
Thanx! ================================================================================
================================================================================
|