Your fw is doing a what you hired it to do.
Depending on how you feel about knowing who's
knocking on the door, you could block them at your
outside router(ingress filtering).
Since the RFC1918 was set aside for private networks,
these really shouldn't be showing up at your door. But as
we know, they do. With proper filtering, you can stop these
and the outbound ones(egress filtering).
Some documents to check would be:
http://www.sans.org/y2k/egress.htm
http://www.sans.org/dosstep/cisco_spoof.htm
http://www.cisco.com/warp/public/105/42.html
http://www.cisco.com/warp/customer/707/21.html
There's tons more out there, but these help you
get started.
Robert
- -
Robert P. MacDonald, Network Engineer
Team Lead, e-Business Infrastructure
G o r d o n F o o d S e r v i c e
Voice: +1.616.261.7987 email: [EMAIL PROTECTED]
>>> "Hoang" <[EMAIL PROTECTED]> 11/16/00 11:05:31 AM >>>
>
>Lately, I've noticed from the log that I got a lot of drop records
>generating from 192.168.27.x to my FW external interface. The 192.168.27.x
>network is a private class C, and it is not part of my internal network.
>The ports are 9960, 15994, 17600, etc.. All high ports. Can anyone give
>some insight on this?
>
>Thanks
>Hoang
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
