Firewall Wizards mailing list archives
screen and choke network config
From: Dave Piscitello <dave () corecom com>
Date: Tue, 28 May 2002 15:07:43 -0400
I have just upgraded from a lame DSL bridged configuration to a routed configuration. I have an access router that can packet filter. Behind this I have a public IP subnet on which I run between 4-6 firewalls and VPN appliances.

I'd like to process all syslog messages from the access router and firewalls at a server behind one of the firewalls, and so would open 514 inbound on the firewall (for a list of FWs), and block 514 inbound on the access router. This is done and is working nicely.

I realized looking through my logs that I can save duplicate log entries if I packet filter annoying inbound TCP/UDP/ICMP types at the access router. Since all the firewalls will have a default deny all inbound policy (except the one firewall that allows http), I'd set the access router in an inverse manner to "allow anything but stuff I don't want duplicate log entries for".

I wonder what beyond the following list you might add. These are the ports I most frequently see in my last 3 months' logs...

23 telnet
69 tftp
79 finger
111 sunrpc
137, 138, 139 msft noiseBOIS
161, 162 snmp, trap
194 irc
512-514 remote exec, login, shell

I still want to see how my doorknob's being rattled, I just want to minimize the number of times I see any individual "rattle".

David M. Piscitello
Core Competence, Inc. & 3 Myrtle Bank Lane
Hilton Head, SC 29926
dave () corecom com
843.689.5595
www.corecom.com
hhi.corecom.com/~yodave/

_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards
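As an added illustration of the screen-and-choke arrangement described in the post (this is not code from the original message or the list), the following Python models the two layers: an access router that passes everything inbound except a short noise list, and firewalls behind it that deny everything except a few explicit services. It also tallies denied ports from a few constructed firewall log lines to derive candidates for the router's deny list. The addresses, the three hypothetical firewalls, the log line format and the per-firewall allow rules are all assumptions made for the example.

```python
"""Screen-and-choke: drop noisy ports once at the access router, everything
else once at a default-deny firewall, and count denied ports from logs.

All IPs, firewall names, log lines and allow rules are constructed for this
example; they are not from the original post.
"""
from collections import Counter
import re

# Ports the post lists as the most frequent noise; the router drops these inbound.
ROUTER_NOISE_PORTS = {23, 69, 79, 111, 137, 138, 139, 161, 162, 194, 512, 513, 514}

# Hypothetical public subnet: access router plus three firewalls.
ACCESS_ROUTER = "192.0.2.1"
FIREWALLS = {"192.0.2.10", "192.0.2.11", "192.0.2.12"}

# Per-firewall inbound allow rules as (proto, dport, allowed_sources).
# allowed_sources None means any source. The log server sits behind
# 192.0.2.10, which accepts syslog only from the router and the other
# firewalls; 192.0.2.11 is the one firewall that publishes http.
FW_ALLOW = {
    "192.0.2.10": {("udp", 514, frozenset(FIREWALLS | {ACCESS_ROUTER}))},
    "192.0.2.11": {("tcp", 80, None)},
    "192.0.2.12": set(),
}


def router_verdict(proto, dport):
    """Inverse policy: allow anything except the listed noise ports."""
    return "drop" if dport in ROUTER_NOISE_PORTS else "pass"


def firewall_verdict(fw_addr, proto, src, dport):
    """Default deny inbound; allow only explicit (proto, port, source) matches."""
    for aproto, aport, sources in FW_ALLOW[fw_addr]:
        if aproto == proto and aport == dport and (sources is None or src in sources):
            return "allow"
    return "drop"


def trace(proto, src, dst, dport, from_inside=False):
    """Return (layer that decided, verdict, log entries generated).

    Traffic from the public subnet itself (from_inside=True) never crosses
    the access router, so syslog between firewalls is judged only by the
    destination firewall's rules. Each denied packet is logged exactly once,
    at whichever layer dropped it.
    """
    if not from_inside and router_verdict(proto, dport) == "drop":
        return ("router", "drop", 1)
    verdict = firewall_verdict(dst, proto, src, dport)
    return ("firewall", verdict, 1 if verdict == "drop" else 0)


# Constructed firewall deny lines in a simple syslog-like layout (not a real
# vendor format): "... DENY IN <proto> <src>:<sport> -> <dst>:<dport>".
LOG_LINE = re.compile(
    r"DENY IN (?P<proto>tcp|udp) (?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+)"
)

SAMPLE_LOGS = [
    "May 28 14:02:11 fw1 DENY IN tcp 203.0.113.5:4012 -> 192.0.2.11:23",
    "May 28 14:02:12 fw2 DENY IN tcp 203.0.113.5:4013 -> 192.0.2.12:23",
    "May 28 14:05:40 fw1 DENY IN udp 198.51.100.9:1030 -> 192.0.2.10:137",
    "May 28 14:05:40 fw2 DENY IN udp 198.51.100.9:1030 -> 192.0.2.12:137",
    "May 28 14:09:02 fw3 DENY IN tcp 203.0.113.77:51000 -> 192.0.2.10:22",
]


def port_histogram(log_lines):
    """Count denied inbound hits per (proto, dport) across all firewalls' logs."""
    counts = Counter()
    for line in log_lines:
        m = LOG_LINE.search(line)
        if m:
            counts[(m["proto"], int(m["dport"]))] += 1
    return counts


def candidate_router_filters(log_lines, min_hits=2):
    """Ports denied at several firewalls are the ones worth dropping once at the router."""
    return sorted(p for p, n in port_histogram(log_lines).items() if n >= min_hits)


if __name__ == "__main__":
    print(candidate_router_filters(SAMPLE_LOGS))
    print(trace("tcp", "203.0.113.5", "192.0.2.11", 23))
    print(trace("tcp", "203.0.113.77", "192.0.2.10", 22))
    print(trace("udp", "192.0.2.11", "192.0.2.10", 514, from_inside=True))
```

The same probe against several firewalls shows up once per firewall in the logs; once its port is on the router's list it is dropped and logged once at the router instead, while anything not on the list still reaches a firewall and is still logged there, which is the "see every rattle, but only once" behaviour the post is after.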
Current thread:
- screen and choke network config Dave Piscitello (May 28)
- Re: screen and choke network config R. DuFresne (May 29)
- Re: screen and choke network config Luca Berra (May 29)
- <Possible follow-ups>
- Re: screen and choke network config Kevin Johnson (May 30)
- Re: screen and choke network config Dave Piscitello (May 31)