You are correct. That's why security should be a "belt and suspenders" approach.
For the Code Red stuff, SQL Slammer, etc., we just used NBAR on Cisco to drop the packets. http://www.cisco.com/warp/public/63/nbar_acl_codered.shtml#1
ISS gets some stuff, Checkpoint is good at getting some other stuff, etc. I also don't allow much UDP in. It's blocked by an inbound ACL, as it's not statefully inspected. UDP 53 (DNS) and some host-to-host special allows and that's it. Everything else is TCP.
Scotty