| Author |
Message |
PaulC
Joined: 11 Sep 2003
Posts: 36
Location: San Jose, CA
|
| Posted: Thu Sep 11, 2003 2:26 pm Post subject: Report activity on filtered ports to dshield.org? |
|
|
If you've not heard of it before, DShield is a community-based reporting database for malicious network traffic. The idea is that you submit your logs of stuff that bounced off your firewall, and when aggregated with everyone else's submitted logs, a good picture of the sources is produced. Both the web site and an active mailing list are good sources of information, most of it real-time.
I can understand why you've chosen to filter ports, but on the flip side, it means I can't report activity on them to dshield.
I'm hoping you'll consider reporting that blocked traffic to dshield on behalf of all of your customers? It's not difficult to set up.
Paul |
|
caker
Joined: 15 Apr 2003
Posts: 2392
Location: Galloway, NJ
|
| Posted: Thu Sep 11, 2003 3:14 pm Post subject: |
|
|
Hello Paul
The data-center (ThePlanet) blocks those ports, not us :( I tried to get them to remove all the filtered ports using the same argument (that I'd rather do it myself, etc) but they wouldn't go for it. I didn't push that hard for it.
I have had success in turning filtering off for ports for which I can make a good argument (like for a certain application, etc).
I'm inclined to keep it that way, for now; but if there is a specific port you need open and I can make a good case, I can probably get the filtering removed.
DShield looks awesome, btw :-) So many attacks from the US that the pie-chart covers the entire North America! Bad, bad kiddies...
-Chris |
|
PaulC
Joined: 11 Sep 2003
Posts: 36
Location: San Jose, CA
|
| Posted: Thu Sep 11, 2003 3:51 pm Post subject: |
|
|
Yep, dshield's pretty neat. Somehow I don't feel quite so helpless in the face of the onslaught if I can rat on the machines responsible :)
I have no problem with them blocking some ports, within reason (except perhaps a philosophical twinge). So long as common sense prevails and there's a good balance struck. I'll be running an OpenVPN tunnel for access to most services anyhow - no point in opening most of them up to the world unless they have to be.
Perhaps ThePlanet would consider making the router logs available to you over SNMP? I can't think why they would object to that, and a good case can be made for having better visibility into what's happening on your segment. And being able to submit them to dshield would be a bonus ;)
Paul |
|
fredz
Joined: 19 Sep 2003
Posts: 22
Location: Luxembourg
|
| Posted: Thu Oct 09, 2003 3:53 am Post subject: Re: Report activity on filtered ports to dshield.org? |
|
|
PaulC wrote:
I can understand why you've chosen to filter ports, but on the flip side, it means I can't report activity on them to dshield.
What ports are blocked at the planet? |
|
PaulC
Joined: 11 Sep 2003
Posts: 36
Location: San Jose, CA
|
| Posted: Thu Oct 09, 2003 10:42 am Post subject: |
|
|
They are listed in the FAQ:
Which TCP Ports are blocked?
Paul |
|