First, thanks to all who have replied on this subject.
I tried disabling the ident rule; things continued to run well, but I noticed many
more drops in my firewall logs. Apparently my www, mail and dns server located in the
DMZ behind the firewall use ident, and without this rule I get many more drops in my
logs, so it's more of a cosmetic problem. I'm probably going to leave it in unless
someone else has a better idea?

John Gesualdi wrote:
> Hi,
>
> I'm reviewing all the rules in my firewall. I have a couple of old rules
> that don't seem to make sense any longer.
>
> Rule 1 = any_host any_destination long_icmp drop. This rule was
> put in a long time ago for the Ping of Death DOS attack. We are running fw1 vers
> 4.0sp5 on Solaris 2.6. Do I still need this rule?
>
> Rule 2 states that my Web server and dns, smtp server located in the DMZ can
> do "ident" with any host. Why would I need this?
>
> Thank you.
>
> --
> John Gesualdi
> The Providence Journal Company
> Phone (401)277-8133
> Pager (401)785-6938
> CCDP,CCNP
>
> ================================================================================
> To unsubscribe from this mailing list, please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> ================================================================================
--
John Gesualdi
The Providence Journal Company
Phone (401)277-8133
Pager (401)785-6938
CCDP,CCNP