Re: Active Snort Log Analyser
> I don't really see your problem here. Your firewall either is secure or
> it is not. If it is not, you should not increase security for some short
> period, you should increase it for ever. If it is secure, you can sit
> back and watch the scan since it cannot harm you.
Those FireWalls *are* secure today, but as I manage many FireWalls and don't
have time to upgrade them to the latest software more than once a year, I'm
quite afraid of new holes being found in proftpd or sendmail (examples).
The customers who use those FireWalls need FTP, Mail and whatever other services
on those FireWalls (one could say these are no longer FireWalls...). For some
evident financial reasons, they don't want to split into different servers.
Tonight, Snort reported to me that someone from Malaysia portscanned my subnet and then
tried to exploit a bug in ProFTPD. Happily, the version of ProFTPD shipping
with Debian 2.2 seems secure, but for how long?
So I thought it would be wise to prevent this intruder from going further than the
scan.
****************************************
Jean-François JOLY
ITIN - Institut des Techniques Informatiques