-
January 25th, 2002, 05:23 AM
#11
Junior Member
I can't block alter.net because it's just on the route, not the actual destination. I may do the auto-block. Does auto-block keep a list of blocked sites somewhere that I can access/modify? Is auto-block temporary or permanent?
Thanks,
-Will Tyler
-wct097@yahoo.com
-
January 25th, 2002, 04:47 PM
#12
as i said...i just got my box ...but reading from the manual pg 85 (you do have a manual right...hinthint...rtfm... )
"Auto Blocked sites - which are sites the firebox adds or deletes dynamically based on default packet handling rules and service-by-service rules for denied packets. Sites are temporarily blocked until the autoblocking mechanism times out"
(timeout can be set up to 22 days i think)
"Fire box autoblock and logging mechanisms can help you decide what sites to block. For example, when you find a site that spoofs your network, you can add the offending sites ip to the list of permanently blocked sites."
"I used to be With IT. But then they changed what IT was. Now what I'm with isn't IT, and what's IT seems scary and weird." - Abe Simpson
-
January 28th, 2002, 03:27 PM
#13
Junior Member
Actually, I don't have the manual handy. Our consultants swiped it and haven't mailed it back to me yet. I went ahead and auto-blocked sites that try to connect in suspicious ways. I have my Firebox logging incoming (allowed) http as well. Funny to watch someone hit the website, try to FTP, then can't hit our website a minute later. I bet it confuses the hell outta them.
I've been keeping track of suspicious hits on the firewall. I noticed one log message that occurred three nights in a row. IP 198.36.205.2, port 137. Three entries each night between 1:30 and 2:00. I might just block this IP completely.
-Will Tyler
-wct097@yahoo.com
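The kind of night-after-night recurrence described in the post above can be pulled out of denied-packet logs automatically. This is an added example, not part of the original thread: the log layout, addresses (documentation ranges) and the names `parse_line` and `recurring_denies` are constructed for illustration and are not the Firebox log format.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample lines in a simplified "date time action src_ip dst_port" layout.
# This is NOT the Firebox log format; adapt parse_line() to the real one.
SAMPLE_LOG = """\
2002-01-25 01:34:10 deny 192.0.2.10 137
2002-01-25 01:41:55 deny 192.0.2.10 137
2002-01-25 01:52:03 deny 192.0.2.10 137
2002-01-25 14:02:11 deny 198.51.100.7 21
2002-01-26 01:36:40 deny 192.0.2.10 137
2002-01-26 01:44:02 deny 192.0.2.10 137
2002-01-26 01:58:19 deny 192.0.2.10 137
2002-01-26 09:15:00 allow 203.0.113.5 80
2002-01-27 01:31:27 deny 192.0.2.10 137
2002-01-27 01:39:48 deny 192.0.2.10 137
2002-01-27 01:55:30 deny 192.0.2.10 137
garbled line that should be skipped
"""

def parse_line(line):
    """Return (timestamp, action, src_ip, dst_port) or None for unparsable lines."""
    parts = line.split()
    if len(parts) != 5:
        return None
    try:
        ts = datetime.strptime(parts[0] + " " + parts[1], "%Y-%m-%d %H:%M:%S")
        return ts, parts[2], parts[3], int(parts[4])
    except ValueError:
        return None

def recurring_denies(log_text, min_days=3, max_hour_spread=1):
    """Flag (src_ip, dst_port) denied on >= min_days dates within a narrow band of hours."""
    seen = defaultdict(lambda: {"days": set(), "hours": set(), "count": 0})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec[1] != "deny":
            continue  # skip unparsable lines and allowed traffic
        ts, _, src, port = rec
        entry = seen[(src, port)]
        entry["days"].add(ts.date())
        entry["hours"].add(ts.hour)
        entry["count"] += 1
    findings = []
    for (src, port), e in sorted(seen.items()):
        spread = max(e["hours"]) - min(e["hours"])
        if len(e["days"]) >= min_days and spread <= max_hour_spread:
            findings.append((src, port, len(e["days"]), e["count"]))
    return findings
```

The hour-spread check does not wrap around midnight, so a pattern straddling 23:00 and 00:00 would need the hours shifted before comparison.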
-
February 11th, 2002, 02:16 PM
#14
Member
Alter.Net is a backbone provider across the Atlantic and the majority of ISPs on the East Coast USA use them.
-
February 12th, 2002, 02:25 AM
#15
Junior Member
198.36.205.2 >> Risdall Advertizing (NETBLK-USW-RISDELLADVERTISE) , Class C network (198.36.205.0 - 198.36.205.255),
_ 198.36.205.1 : HTTP server installed (Microsoft IIS 5.0)
_ 198.36.205.1 : FTP server installed (Squid/2.4.STABLE2)
_ 198.36.205.1 : anonymous FTP connection refused
(198.36.205.1 - www.risdall.com)
It seems that their small network has only Windows workstations.
They are possibly having some bugs in their old accounting software (or other automatic report-making soft) which (probably) use NetBIOS to exchange data within LAN. So log all incoming packets, don't filter them, that could be interesting (let that host establish NetBIOS connection and transfer (faked) data if any - i.e. let them transfer something if they want).
AIDeveloper.