On Fri, 7 Jul 2000, Michele M. Jordan wrote:
> We're a website and server hosting company, and the firewall protects
> our internal network. Filtering at the border router affects all
> customers, and it has to be pretty bad before we will take that
> action. We have taken that action in the past though, and are
> approaching that point with this company.
I found it really helpful to add some decent packet filtering engines in
front of my firewalls when faced with the same situation. A reasonably
cheap PC with two NICs running NetBSD {OpenBSD, FreeBSD, Solaris (I'd
do that on a Sparc though)...} and IPFilter gives you the ability to do a
*lot* of really cool things, like return RSTs for *every* TCP packet from
a network or host. Mapping and scanning are really useless when
*everything* gets a reply as if a machine were actually there. You also
get per-rule logging so you can choose what types of violations are
important.
Paul
-----------------------------------------------------------------------------
Paul D. Robertson
[EMAIL PROTECTED]
"My statements in this message are personal opinions
which may have no basis whatsoever in fact."
PSB#9280
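
An ipf.conf fragment for the setup described in the reply above, added here as an illustration and not part of the original message. The interface name fxp0 and the 192.0.2.0/24 source network are assumed placeholders.

```conf
# ipf.conf on the packet-filtering box in front of the firewall (constructed example).
# Assumptions: fxp0 is the outside interface; 192.0.2.0/24 stands in for the
# offending network.

# Answer every TCP packet from that network with a RST and log each one.
# "quick" ends rule processing at this rule, so a later pass rule cannot override it.
block return-rst in log quick on fxp0 proto tcp from 192.0.2.0/24 to any

# Drop everything else from the same network. There is no "log" keyword here,
# so this rule produces no log entries: logging is chosen rule by rule.
block in quick on fxp0 from 192.0.2.0/24 to any

# Traffic from all other sources continues to the firewall behind this box.
pass in on fxp0 all
```

Packets matched by the rule carrying `log` are written to the IPFilter log device, which `ipmon` reads.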