Craig Bishop wrote (about Firewall-1):
] The thing I really like is the control over the filtering
] because the majority of it is being done on the bastion host not
] on a router (which gives you ZERO logging capability). With
] the filtering happening at the bastion host there are many more
] options for logging.
Marty Shannon replied:
>I think logging from the router could help catch attacks that don't use
>all the old standard tricks.
Even for standard attacks, it helps to have early warning of probes via
Telnet or Finger or other means. Just rejecting the packet allows the
intruder to continue to try different approaches, whereas if failed
connections are logged, other defenses and alerts can be established.
Warmly,
padgett@tccslr.dnet.mmc.com
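The point above, that logging rejected connections (rather than silently dropping them) lets you build alerts on probing, as an added illustration that is not part of the original thread. The log layout, the hosts and the threshold are all constructed for the example; it is not the real FireWall-1 log format.

```python
import re
from collections import defaultdict

# Constructed sample log in a hypothetical "time action src dst service" layout
# (not FireWall-1's actual format). Addresses are documentation ranges.
SAMPLE_LOG = """\
10:01:02 drop src 198.51.100.7 dst 192.0.2.10 service telnet
10:01:05 drop src 198.51.100.7 dst 192.0.2.11 service telnet
10:01:09 drop src 198.51.100.7 dst 192.0.2.12 service finger
10:02:30 accept src 203.0.113.4 dst 192.0.2.10 service smtp
10:03:11 drop src 203.0.113.9 dst 192.0.2.10 service telnet
10:03:40 drop src 198.51.100.7 dst 192.0.2.13 service finger
"""

LINE_RE = re.compile(
    r"^(?P<time>\S+) (?P<action>\w+) src (?P<src>\S+) dst (?P<dst>\S+) service (?P<service>\w+)$"
)
# Services the post names as typical early-warning probes.
PROBE_SERVICES = {"telnet", "finger"}

def parse_line(line):
    """Parse one log line into a dict, or None if it does not match the layout."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None

def rejected_probes(log_text):
    """Map each source address to its list of (dst, service) dropped probe attempts."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # skip lines that do not parse rather than fail the whole run
        if rec["action"] == "drop" and rec["service"] in PROBE_SERVICES:
            hits[rec["src"]].append((rec["dst"], rec["service"]))
    return dict(hits)

def alert_sources(log_text, threshold=3):
    """Sources whose dropped probes reached the threshold, with attempt and target counts."""
    alerts = {}
    for src, hits in rejected_probes(log_text).items():
        if len(hits) >= threshold:
            alerts[src] = {"attempts": len(hits), "targets": len({dst for dst, _ in hits})}
    return alerts

if __name__ == "__main__":
    for src, info in alert_sources(SAMPLE_LOG).items():
        print(f"ALERT {src}: {info['attempts']} rejected probes against {info['targets']} hosts")
```

With only a silent reject, the sweep across four hosts by the first source would leave no trace; with the drops logged, it crosses the threshold while the single telnet attempt from the second source does not.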