> Date: Thu, 24 Jul 1997 13:16:07 -0500
> From: bdfrost @
> Subject: Firewall alerts of rouge Inet connection
> I have been told by several folks that it is possible to configure a
> firewall to alert you that whenever a rogue connection to the internet
> has been created on your network. I don't want people doing dialup to
> the 'net and going around our security procedures. I am using Firewall-1
> 3.0, but I am not looking for Firewall-1 advice particularly, I just
> want to know what a firewall would see that would alert it to the
> presence of a rogue connection...
On rare occassions, I've found local users dialing from their desks to
outside providers by route advertisements coming from internal hosts for
external nets. This is iffy, and not anywhere near reliable. One thing
you may want to consider is the logging from your phone switch or PBX.
Grab the files of dialin numbers for the major and regional providers,
cross it against the logs from the switch, and if you find users are
violating policy after being notified, cut their access or desk line
until the point is made.
Not an easy problem, I wish you luck.
UNIX administrator, Atari Games
These are my opinions, not Atari's. My opinions are an added-cost