Odd scans and stuff bouncing off firewalls

From: Nexus (nexusat_private-way.co.uk)
Date: Tue Aug 13 2002 - 08:57:31 PDT


    Just a quick straw poll to see if anyone has any hard data that supports the
    logging and analysis of traffic that bounces off of filtering devices as
    part of a business security plan? Other than generating attack metrics to
    wave under the noses of senior management at budget time, is there any
    definite _business_ requirement to have IDS sensors outside the firewall or
    firewall "drop" logs et al regularly examined in the context of "external"
    attack sources?
    
     "We defended against X bazillion hack attacks last year so we need a bigger
    budget for more stuff.."
    BabelFish (H2G2 version): "Tons of port scans and worms from non
    accountable netblocks bounced off of the firewall"
    
    I don't bother to chase anything from anywhere unless it makes it through
    the filters because I could care less and it would IMHO purely be a time
    sink and even then only if it's from a netblock that has a whois abuse@
    entry.   As I said, this is purely my own view, on my own network knowing
    the sheer amount of background radiation on the internet, so I would
    appreciate some other points of view.
    
    Cheers.
    
    



    This archive was generated by hypermail 2b30 : Tue Aug 13 2002 - 09:37:21 PDT