[Dshield] Question for all

John Hardin johnh at aproposretail.com
Tue Feb 3 20:08:12 GMT 2004


On Tue, 2004-02-03 at 11:36, Mrcorp wrote:
> Personal Choice...
> 
> A) One school of thought is that you know you will be attacked and
> scanned, so is there a real need for it outside the firewall?  Who
> would sit there and sort through all that information, and what would
> you look for?  The attacks should have been blocked by the firewall.

That assumes you're the only one looking at your logs. With dshield, you
probably *do* want it outside the firewall, with minimal or no filtering
of the logs (in other words, Johannes: do you really want to see logs of
all the NetBIOS traffic from the Internet side?)

--
John Hardin  KA7OHZ                           
Internal Systems Administrator/Guru               voice: (425) 672-1304
Apropos Retail Management Systems, Inc.             fax: (425) 672-0192
-----------------------------------------------------------------------
  Failure to plan ahead on someone else's part does not constitute an
  emergency on my part.
                                  - David W. Barts in a.s.r
-----------------------------------------------------------------------
 27 days until ICQ Corp goes away - have you installed Jabber yet?




More information about the list mailing list