Dynamic IP log retention = 0?

Valdis.Kletnieks at vt.edu Valdis.Kletnieks at vt.edu
Thu Mar 12 11:31:03 CDT 2009


On Wed, 11 Mar 2009 07:53:01 -0800, Marcus Reid said:

> A quick scan of the reverse mapping for your address space in DNS reveals
> that you have basically your entire network on public addresses.  No wonder
> you're worried about portscans when the printer down the hall and the
> receptionists machine are sitting on public addresses.  I think you are
> trying to secure your network from the wrong end here.

You *do* realize that "has a public address" does not actually mean that
the machine is reachable from random addresses, right?  There *are* these
nice utilities called iptables and ipf - even Windows and Macs can be configured
to say "bugger off" to unwanted traffic.  And you can put a firewall appliance
inline without using NAT as well.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 226 bytes
Desc: not available
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20090312/1c2af6f9/attachment.bin>


More information about the NANOG mailing list