[Dshield] new: Firewall log and rules

Bjorn Stromberg bjorn at thechemistrylab.com
Wed Oct 1 18:59:11 GMT 2003


> I note my firewall alerts have gotten much shorter since I told my PC to
> not acknowledge, send or receive anything whatsoever from the Asia Pacific
> range of IP numbers, i.e., 61.0.0.0 - 61.255.255.255.  Also ruled out was
> Comcast Cable Wireless in the 67.160.0.0 - 67.174.255.255 range and Qwest
> in the 67.0.0.0 - 67.7.255.255 range.  No discernible negative side effects
> on connectivity or email from locking them out so far.  I might have
> something here.  I am thinking of adding RR to the list.  As this is a
> standalone PC I am still debating the wisdom of fully closing the ports at
> 1434, 901, and 17300 as was done to 135 and 445.  What do you all think?

You block an entire class A netblock, 21 entire class B netblocks and yet
you leave unused ports with known vulnerabilities open?

The goal of security is not to decrease the size of your logs, it's to
prevent the compromise of your systems. I think most people on this list
block everything by default and only open ports that they use. I think
blocking netblocks is a terrible idea, if you can live without the
information that vast range of ip addresses possesses that's entirely your
choice. *stifles the urge to flame further*

Bjorn Stromberg
Mid-Continent Testing Laboratories, Inc.
http://www.TheChemistryLab.com/
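To make the difference between the two approaches concrete, here is a small first-match packet-filter model (an added example, not code from either poster or from DShield). It encodes the three address ranges quoted above as "drop source" rules on top of an accept-everything default, and beside it a default-deny policy that accepts only ports the host deliberately serves. The probe packets, the documentation-range source addresses and the "served ports" set are constructed for illustration; a real host would express the default-deny policy in its own packet filter (iptables, the Windows firewall, etc.) rather than in Python.

```python
"""Toy first-match packet filter contrasting two inbound policies.

Added example, not from the original list thread.  The netblock ranges are
the ones quoted in the post; probe packets and the served-ports set are
constructed for illustration.
"""
import ipaddress
from dataclasses import dataclass
from typing import FrozenSet, List, Optional, Tuple

IPv4Net = ipaddress.IPv4Network


@dataclass(frozen=True)
class Rule:
    action: str                      # "accept" or "drop"
    src: Optional[IPv4Net] = None    # None = any source address
    dport: Optional[int] = None      # None = any destination port


def ranges_to_networks(first: str, last: str) -> List[IPv4Net]:
    """Turn an inclusive dotted-quad range into the minimal CIDR list.

    A range like 67.160.0.0-67.174.255.255 does not align to a single
    CIDR, so a real firewall needs several entries to cover it.
    """
    return list(ipaddress.summarize_address_range(
        ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)))


def blocked_address_count(ranges: List[Tuple[str, str]]) -> int:
    """How many source addresses a set of netblock rules shuts out."""
    return sum(n.num_addresses
               for first, last in ranges
               for n in ranges_to_networks(first, last))


def evaluate(rules: List[Rule], default: str, src_ip: str, dport: int) -> str:
    """First matching rule wins; otherwise the policy default applies."""
    src = ipaddress.IPv4Address(src_ip)
    for r in rules:
        if r.src is not None and src not in r.src:
            continue
        if r.dport is not None and r.dport != dport:
            continue
        return r.action
    return default


# The inclusive ranges exactly as quoted in the post.
POSTER_RANGES = [
    ("61.0.0.0", "61.255.255.255"),
    ("67.160.0.0", "67.174.255.255"),
    ("67.0.0.0", "67.7.255.255"),
]

# Policy A (the quoted approach): drop the listed netblocks plus the two
# ports already closed (135, 445); accept everything else by default.
NETBLOCK_RULES = (
    [Rule("drop", src=n) for first, last in POSTER_RANGES
     for n in ranges_to_networks(first, last)]
    + [Rule("drop", dport=135), Rule("drop", dport=445)]
)
NETBLOCK_DEFAULT = "accept"

# Policy B (default deny): accept only ports this host deliberately serves.
DEFAULT_DENY_DEFAULT = "drop"


def default_deny_rules(served_ports: FrozenSet[int]) -> List[Rule]:
    return [Rule("accept", dport=p) for p in sorted(served_ports)]


def compare(probes: List[Tuple[str, int]], served_ports: FrozenSet[int] = frozenset()):
    """Return {(src, dport): (netblock_verdict, default_deny_verdict)}."""
    deny_rules = default_deny_rules(served_ports)
    return {
        (src, port): (evaluate(NETBLOCK_RULES, NETBLOCK_DEFAULT, src, port),
                      evaluate(deny_rules, DEFAULT_DENY_DEFAULT, src, port))
        for src, port in probes
    }


if __name__ == "__main__":
    # Constructed probes: one source inside the blocked ranges, two from
    # documentation address space (RFC 5737) outside them, aimed at the
    # ports discussed in the thread.
    probes = [("61.10.20.30", 1434), ("203.0.113.5", 1434),
              ("198.51.100.7", 135), ("198.51.100.7", 17300)]
    print(f"{blocked_address_count(POSTER_RANGES):,} source addresses blocked")
    for (src, port), (a, b) in compare(probes).items():
        print(f"{src:>14}:{port:<6} netblock policy={a:<7} default-deny={b}")
```

The point the model makes is that a source-based block only stops probes from the listed ranges: a packet to 1434 or 17300 from any other address is still accepted under the netblock policy, while the default-deny policy drops it regardless of origin because the port itself is not served. Closing a port and blocking a source are independent decisions, and only the former protects the host from the rest of the Internet.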
