You should do coarse filtering on your router and stateful packet inspection on your firewall, especially in an enterprise. ISS should just be an extra layer of protection to prevent a domino effect if one server gets compromised or a network change opens up servers to unwanted traffic.
Reiver ----- Original Message ----- From: "Art van Schijndel" <[EMAIL PROTECTED]> To: "Reiver" <[EMAIL PROTECTED]> Sent: Tuesday, October 25, 2005 9:02 AM Subject: Re: [ISSForum] Any way to block foreign IP addresses > Larry, > > I do this very thing in my perimeter firewalls. Firewalls are perfect for > this type of coarse filtering. I leave the sensors to do the more > sophisticated deep packet inspection. > > Art > > ----- Original Message ----- > From: "Reiver" <[EMAIL PROTECTED]> > To: "Larry Bowers" <[EMAIL PROTECTED]>; <[email protected]> > Sent: Thursday, October 20, 2005 20:28 > Subject: Re: [ISSForum] Any way to block foreign IP addresses > > > Better to do that on the network level and not overload your sensors > (especially server sensors). I only block IPs in policies for quick temp > blocks until a network rule can be implemented or the threat has moved on > (ISP DHCP, etc). > > Reiver > > ----- Original Message ----- > From: "Larry Bowers" <[EMAIL PROTECTED]> > To: <[email protected]> > Sent: Wednesday, October 19, 2005 7:36 AM > Subject: [ISSForum] Any way to block foreign IP addresses > > > I'm wondering if it is possible, through policies in SiteProtector, to > block > IP address ranges. What I was thinking was to block access from all > foreign > IP addresses as they have no need to access my public connections. I > looked > up the IP to Country table and it is not as easy as at first thought. So > I > was thinking maybe someone all ready invented that wheel. > > Any ideas? > > Thanks > > > > > Larry Bowers > Vice President of Computer Systems > [EMAIL PROTECTED] > Northwest Iowa Power Cooperative > County Road C38 > LeMars, Iowa 51031 > Voice 712-546-4141 > FAX 712-546-8795 > www.nipco.coop > > > > > ---------------------------------------------------------------------------- > ---- > > >> _______________________________________________ >> ISSForum mailing list >> [email protected] >> >> TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to >> https://atla-mm1.iss.net/mailman/listinfo/issforum >> >> To contact the ISSForum Moderator, send email to [EMAIL PROTECTED] >> >> The ISSForum mailing list is hosted and managed by Internet Security >> Systems, 6303 Barfield Road, Atlanta, Georgia, USA 30328. > > _______________________________________________ > ISSForum mailing list > [email protected] > > TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to > https://atla-mm1.iss.net/mailman/listinfo/issforum > > To contact the ISSForum Moderator, send email to [EMAIL PROTECTED] > > The ISSForum mailing list is hosted and managed by Internet Security > Systems, 6303 Barfield Road, Atlanta, Georgia, USA 30328. > > _______________________________________________ ISSForum mailing list [email protected] TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo/issforum To contact the ISSForum Moderator, send email to [EMAIL PROTECTED] The ISSForum mailing list is hosted and managed by Internet Security Systems, 6303 Barfield Road, Atlanta, Georgia, USA 30328.
