Hello, listmembers,
has anybody figured out, how to avoid the lookup of the FQDN in
the alert commands? I didn't find it in the FAQs.
I do want to see the IP-Number instead of the FQDN for 2 reasons:
- the name may be forged (will fw-1 detect and log this at THIS point?)
- an excessive scan puts an unnessesary load on the firewall (DOS).
16Jun2000 5:03:30 drop fw >hme0 useralert proto icmp src
dcexsc400.quova.net dst 139.17.0.1 rule 52 icmp-type 8 icmp-code 0
TIA,
thomas
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
