Gary W. Smith wrote:
This should also work as well. We tarpit all data which should never
come through our firewalls. We also disabled tracking for the same. We
don't want the firewall wasting resources on this garbage. Another
trick that we do is we also dedicate a high/low IP for catching things
like SQL, HTTP, VNC, RDC, etc. This was things walking the network will
sometimes get hung, if they are not threaded.
I don't think that his *one or two per day* cmd.exe automatic scans will
get "through his firewall",
or will "waste resources".
Maybe filling your firewall with those useless rules will waste more
resources? ;-)
*Think again* (as seen in the national geographic channel)
regards,
Georgi Alexandrov
