> I can see EVERY ip/traffic coming in.... if I dont like > it, I lock it down but the firewall does that automatically > anyhow....it auto-blocks by default
How do you differentiate between "good" and "bad" traffic? For example, if you run a web server, you open port 80, and it's open to the world, typically. Beyond using a generic input filter like URLScan, how do you differentiate between well-formed requests from legitimate clients and malformed requests intended to exploit some web server vulnerability? That's just one example. The fact is, if you allow any legitimate traffic to your machine, a software firewall will allow all traffic that fits the same template - from specified sockets on the remote machine to specified sockets on your machine, basically. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ voice: (202) 797-5496 fax: (202) 797-5444 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Signup for the Fusion Authority news alert and keep up with the latest news in ColdFusion and related topics. http://www.fusionauthority.com/signup.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4