
Re: Firewall froth..



On Tue, Apr 15, 2008 at 01:23:59PM -0400, Brian McKee wrote:
>
> On 15-Apr-08, at 11:42 AM, Digby Tarvin wrote:
> >The problem I am having is that the messages from the firewall really
> >flood /var/log/messages to the point where I am concerned they may cause
> >me to miss other important things.
> >...
> >Perhaps I should redirect the firewall logs to a separate file? Or
> >just stick my head in the sand and log nothing - which is presumably
> >the situation with my dsl router..
> >
>
> If it's dropped - then the firewall did its job.
> Why look at the results unless you have a problem?
> Worry about what's getting through, not what isn't....
>
> Brian

Thanks, that's what I was thinking. If anyone can think of a reason
not to extend the
DROP    net             fw              udp     1026:1029
so that logging for all blocked packets is suppressed I'd be interested
in hearing it..

Just out of curiosity, does anyone know what any of this bogus traffic
to (for example ports 1947 and 1948 are popular at the moment) might be?
Is it common to see this much noise? Is it perhaps undocumented traffic
generated by windows systems that others have connected directly to the
net? Or perhaps malicious traffic targeting vulnerabilities of windows
systems that might be unfirewalled on the net?

Regards,
DigbyT
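
An added example, not part of the original message: a small Python script that separates firewall entries from the rest of a syslog file and ranks the blocked ports by hit count, which shows how much of the noise a rule such as the `udp 1026:1029` one would silence and which other lines it was hiding. The log lines are constructed, and the `Shorewall:<chain>:<disposition>:` prefix is an assumption about the log format in use.

```python
import re
from collections import Counter, defaultdict

# Constructed sample of /var/log/messages; addresses are documentation ranges.
SAMPLE_LOG = """\
Apr 15 13:01:02 gw kernel: Shorewall:net2fw:DROP:IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.2 LEN=48 TTL=110 PROTO=TCP SPT=4431 DPT=1947 SYN URGP=0
Apr 15 13:01:05 gw kernel: Shorewall:net2fw:DROP:IN=eth0 OUT= SRC=203.0.113.9 DST=198.51.100.2 LEN=48 TTL=108 PROTO=TCP SPT=2210 DPT=1947 SYN URGP=0
Apr 15 13:01:09 gw sshd[812]: Failed password for root from 203.0.113.50 port 40022 ssh2
Apr 15 13:01:11 gw kernel: Shorewall:net2fw:DROP:IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.2 LEN=48 TTL=110 PROTO=TCP SPT=4432 DPT=1948 SYN URGP=0
Apr 15 13:01:15 gw kernel: Shorewall:net2fw:DROP:IN=eth0 OUT= SRC=192.0.2.33 DST=198.51.100.2 LEN=485 TTL=52 PROTO=UDP SPT=33012 DPT=1027 LEN=465
Apr 15 13:01:20 gw kernel: Shorewall:net2fw:DROP:IN=eth0 OUT= SRC=192.0.2.40 DST=198.51.100.2 LEN=84 TTL=50 PROTO=ICMP TYPE=8 CODE=0 ID=77 SEQ=1
"""

# Assumed prefix: Shorewall:<chain>:<disposition>: followed by netfilter KEY=value fields.
PREFIX_RE = re.compile(r"Shorewall:([^:\s]+):([A-Z]+):(.*)")
FIELD_RE = re.compile(r"\b([A-Z]+)=(\S*)")


def split_log(text):
    """Return (blocked, other): parsed firewall entries and every non-firewall line."""
    blocked, other = [], []
    for line in text.splitlines():
        m = PREFIX_RE.search(line)
        if not m:
            if line.strip():
                other.append(line)
            continue
        fields = dict(FIELD_RE.findall(m.group(3)))
        # ICMP has no destination port, so DPT may be absent.
        port = int(fields["DPT"]) if fields.get("DPT", "").isdigit() else None
        blocked.append((m.group(1), m.group(2), fields.get("PROTO", "?"), port, fields.get("SRC")))
    return blocked, other


def noisiest(blocked, top=5):
    """Rank (proto, port) by hit count, with the number of distinct sources."""
    hits, sources = Counter(), defaultdict(set)
    for _chain, _disp, proto, port, src in blocked:
        hits[(proto, port)] += 1
        sources[(proto, port)].add(src)
    return [(proto, port, n, len(sources[(proto, port)]))
            for (proto, port), n in hits.most_common(top)]


if __name__ == "__main__":
    blocked, other = split_log(SAMPLE_LOG)
    for proto, port, n, nsrc in noisiest(blocked):
        print(f"{proto:5} {port!s:>6} {n:4} hits from {nsrc} source(s)")
    print(f"{len(other)} non-firewall line(s):", *other, sep="\n")
```
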

