Dynamic IP log retention = 0?
Valdis.Kletnieks at vt.edu
Valdis.Kletnieks at vt.edu
Thu Mar 12 16:31:03 UTC 2009
On Wed, 11 Mar 2009 07:53:01 -0800, Marcus Reid said:
> A quick scan of the reverse mapping for your address space in DNS reveals
> that you have basically your entire network on public addresses. No wonder
> you're worried about portscans when the printer down the hall and the
> receptionists machine are sitting on public addresses. I think you are
> trying to secure your network from the wrong end here.
You *do* realize that "has a public address" does not actually mean that
the machine is reachable from random addresses, right? There *are* these
nice utilities called iptables and ipf - even Windows and Macs can be configured
to say "bugger off" to unwanted traffic. And you can put a firewall appliance
inline without using NAT as well.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 226 bytes
Desc: not available
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20090312/1c2af6f9/attachment.sig>
More information about the NANOG
mailing list