[PLUG] Choosing a router's security log settings
Wireless is working great - rock-solid connections ever since
setting the channel correctly.

Now I'm peeking inside the router (Actiontec MI424-WS) and seeing
that it pays pretty close attention to traffic even at the default
settings ... However, I'm presented with choices:

Security Log Settings

  Accepted Events
     1 Accepted Incoming Connections
     2 Accepted Outgoing Connections

  Blocked Events
     3 All Blocked Connection Attempts
     4 Winnuke
     5 Multicast/Broadcast
     6 ICMP Replay
     7 Defragmentation Error
     8 Spoofed Connection
     9 ICMP Redirect
    10 Blocked Fragments
    11 Packet Illegal Options
    12 ICMP Multicast
    13 Syn Flood
    14 UDP Flood
    15 ICMP Flood
    16 Echo Chargen

  Other Events
    17 Remote Administration Attempts
    18 Connection States

  Log Buffer
    19 Prevent Log Overrun

Imagine that there's a checkbox next to each of these instead of
the numbers. I'm inclined to check boxes 1, 2, 3, 17 & 19 as this
would cover all the bases. When I get the inevitable massive
log files, which specific types of event should I be watching?
Assuming that I read the first logs, of course ...

The connections will be made from two PCs - one's a Smoothwall
hardware firewall, and the other is a WinXPSP2 box protected by
McAfee. I've got MAC address limiting set, so no other 'puters
should be seen, other than the servers we're asking in via Web
browsing, email, Aptitude, MS, and uploading to our web domains.

George Langford
___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug