> I don't really see your problem here. Your firewall either is secure or it
> is not. If it is not, you should not increase security for some short
> period, you should increase it for ever. If it is secure, you can sit back
> and watch the scan since it cannot harm you.

Those FireWalls *are* secure today, but as I manage many FireWalls and don't have time to upgrade them to the latest software more than once a year, I'm quite afraid of new holes being found in proftpd or sendmail (examples). The customers who use those FireWalls need FTP, Mail and whatever other services on those FireWalls (one could say these are no longer FireWalls...). For some evident financial reasons, they don't want to split into different servers.

Tonight, snort reported to me that someone from Malaysia portscanned my subnet and then tried to exploit a bug in ProFTPD. Happily, the version of ProFTPD shipping with Debian 2.2 seems secure, but for how long? So I thought it would be wise to prevent this intruder from going further than the scan.

****************************************
Jean-François JOLY
ITIN - Institut des Techniques Informatiques

