Odd scans and stuff bouncing off firewalls

From: Nexus (nexusat_private-way.co.uk)
Date: Tue Aug 13 2002 - 08:57:31 PDT

  • Next message: Steve Vawter: "RE: Odd scans and stuff bouncing off firewalls"

    Just a quick straw poll to see if anyone has any hard data that supports the
    logging and analysis of traffic that bounces off of filtering devices as
    part of a business security plan ?   Other than generating attack metrics to
    wave under the noses of senior managment at budget time, is there any
    definite _business_ requirement to have IDS sensors outside the firewall or
    firewall "drop" logs et al regularly examined in the context of "external"
    attack sources ?
     "We defended against X bazillion hack attacks last year so we need a bigger
    budget for more stuff.."
    BableFish (H2G2 version) : "Tons of port scans and worms from non
    accountable netblocks bounced off of the firewall"
    I don't bother to chase anything from anywhere unless it makes it through
    the filters because I could care less and it would IMHO purely be a time
    sink and even then only if it's from a netblock that has a whois abuse@
    entry.   As I said, this is purely my own view, on my own network knowing
    the sheer amount of background radiation on the internet, so I would
    appreciate some other points of view.
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see: http://aris.securityfocus.com

    This archive was generated by hypermail 2b30 : Tue Aug 13 2002 - 09:37:21 PDT