[Dshield] Strange Scan

bpennell@coxhealthplans.com bpennell at coxhealthplans.com
Thu Dec 29 13:53:37 GMT 2005


It's configured as a transparent bridge.  It can pretty much be plugged
in anywhere and is easy to replace if it fails.  GeoIP allows me to
monitor all foreign sessions, and block countries like China and Korea.
GeoIP also allows me to create my own country codes to block things like
Anonymous Proxy servers.  

The recent match allows the FW to remember past intruders, which I
completely block for a specific amount of time.  Once they're on one of
my lists, they can't even hit our web servers.


Brent Pennell



-----Original Message-----
From: list-bounces at lists.dshield.org
[mailto:list-bounces at lists.dshield.org]On Behalf Of Jon R. Kibler
Sent: Wednesday, December 28, 2005 2:09 PM
To: General DShield Discussion List
Subject: Re: [Dshield] Strange Scan



BTW, how is the your system configured? I am not quite sure I understand
"IN=br0 OUT=br0 PHYSIN=eth1 PHYSOUT=eth0" showing as one device one
place and two devices elsewhere (have to admit I am not a netfilter
expert!).

Good Luck!
Jon
-- 
Jon R. Kibler
Chief Technical Officer
A.S.E.T., Inc.
Charleston, SC  USA
(843) 849-8214




==================================================
Filtered by: TRUSTEM.COM's Email Filtering Service
http://www.trustem.com/
No Spam. No Viruses. Just Good Clean Email.




More information about the list mailing list