First of all, it seems like your architecture may need a re-design.  There 
are plenty of infosec and network type people who could assist with that. 
2nd, it appears that someone in your firm has to assemble a good security 
escalation and action procedure on how to deal with every little bell and 
whistle that may be triggered when someone is rattling your doorknob and 
rattling your windows.

Several people who have been on this list for years and years have written 
brilliant papers and email threads on taxonomies of internet attack, how 
to handle them and what to do about them. 

Before you ask for help from the list, there are several things you must do at 
your firm to properly prepare for a consultant to help you, and after you 
do some of the work, maybe you will not need the would-be consultant after all. 
Anyway, consultants charge lots and lots of money and may not help you 
solve some of the internal political problems that your firm may have. 
Having some of those consultants repeat what you have been saying 
to management all along may give you some validation, but that is about it. 
 

The best way to eliminate some of the scanning is to construct some good 
packet filtering rules in front of your IDS device, drop everything you 
don't implicitly allow, and watch for the anomalies. You do have an IDS 
system in place, don't you?  If not, take a look at Network Flight Recorder 
(www.nfr.net) or one of those other IDS software producing companies. 

Good luck.

Peter, that will be .025 for the parking meter
NFR, that will be one Large NFR T-shirt for the plug.  :) 

/cheers

/mht




Peter M <[EMAIL PROTECTED]>
Sent by: [EMAIL PROTECTED]
02/20/00 07:53 AM

 
        To:     [EMAIL PROTECTED]
        cc: 
        Subject:        Ok LAST ONE : Re: Oh God.. No SCANS.. PLEASE@!


Ladies... Gents,

Okay, EVERYONE.. You.. me.. and the little green guy in the corner, all 
have different ways of approaching a scan. Some people report it, some 
people just let it pass thinking "that damn little twit is still gonna 
try.. and try.. but he's not gonna get in" ... as for me, I just let 'em 
pass, though I get paranoid every time I get scanned and check my system 
yet again to see if I have any trojans, but that's still not the case. Why 
bother arguing with people on here about how they handle their situation? 
I don't see how it bothers people in here.. it's pointless keeping the 
conversation going and going ... everyone has a different way of handling 
things.. let's leave it at that... just drop it, guys... NOW, for the real 
brain teaser:

Anyone get ICMP requests from what appear to be masqueraded IPs? ...

Like instead of it showing From : 24.112.xxx.xxx .. it says From : 
xxx.xxx.112.24 to : xxx.xxx.112.24 .. yet none of those are close to my IP 
address and I still get the ICMP request for TYPE 167 .. Does ANYONE have 
any clue what they are trying to pull here? I will post the log in 
here, I get it daily... I really don't care about their IP address so I 
will paste their address... :) .. So anyway..

Guys.. Drop the Talk.. Help me out here... Help!@# ;)

Any other firewalls for Windows 95/98 (instead of Conseal PC 
Firewall/@guard/Internet Firewall 2000... and ZoneAlarm)?

Thanks

Pete.


-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]

