* Peter Wiersig wrote on Thu, Jun 12, 2003 at 12:27 +0200:
( Why do people log their drop after the deployment phase of their ruleset? I do that only when I'm experiencing strange connect problems. )
I log it, too :-) All day, on all firewalls. IDS messages usually get logged by many people also. In case of an incident, you have information for analysis. For instance, often you can see that one IP does a portscan or a distributed portscan from multiple IPs, then another IP systematically connects to each webserver (but no other host) and makes some GET request (e.g. formmail probe) and a third IP spams if a formmail was found. Well, and so you get an idea of what really happened, I think.

oki,

Steffen

--
This letter was generated by machine and therefore bears neither a signature nor a seal.
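As an added illustration that is not part of the original message: one way to pull the single-source and distributed portscans mentioned above out of logged drops. The log line layout (netfilter LOG-style `SRC=`/`DST=`/`DPT=` fields with a `DROP` prefix), the sample lines, the function names and the `min_ports` threshold are all assumptions; the addresses are constructed from documentation ranges.

```python
import re
from collections import defaultdict

# Constructed sample drop log (assumed netfilter LOG-style fields).
SAMPLE_LOG = """\
Jun 12 12:00:01 fw kernel: DROP IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 PROTO=TCP SPT=40001 DPT=21
Jun 12 12:00:01 fw kernel: DROP IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 PROTO=TCP SPT=40002 DPT=22
Jun 12 12:00:02 fw kernel: DROP IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 PROTO=TCP SPT=40003 DPT=23
Jun 12 12:00:02 fw kernel: DROP IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 PROTO=TCP SPT=40004 DPT=25
Jun 12 12:00:03 fw kernel: DROP IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 PROTO=TCP SPT=40005 DPT=110
Jun 12 12:05:10 fw kernel: DROP IN=eth0 OUT= SRC=192.0.2.77 DST=198.51.100.5 PROTO=TCP SPT=51000 DPT=445
Jun 12 13:00:00 fw kernel: DROP IN=eth0 OUT= SRC=203.0.113.1 DST=198.51.100.9 PROTO=TCP SPT=33001 DPT=135
Jun 12 13:07:00 fw kernel: DROP IN=eth0 OUT= SRC=203.0.113.2 DST=198.51.100.9 PROTO=TCP SPT=33002 DPT=445
Jun 12 13:15:00 fw kernel: DROP IN=eth0 OUT= SRC=203.0.113.1 DST=198.51.100.9 PROTO=TCP SPT=33003 DPT=139
Jun 12 13:21:00 fw kernel: DROP IN=eth0 OUT= SRC=203.0.113.3 DST=198.51.100.9 PROTO=TCP SPT=33004 DPT=3306
Jun 12 13:30:00 fw kernel: DROP IN=eth0 OUT= SRC=203.0.113.2 DST=198.51.100.9 PROTO=TCP SPT=33005 DPT=1433
"""

FIELD = re.compile(r"\b(SRC|DST|DPT)=(\S+)")

def parse(lines):
    """Yield (src, dst, dport) per logged drop; lines without a port (e.g. ICMP) are skipped."""
    for line in lines:
        f = dict(FIELD.findall(line))
        if {"SRC", "DST", "DPT"} <= f.keys():
            yield f["SRC"], f["DST"], int(f["DPT"])

def find_scans(lines, min_ports=4):
    """Return (single, distributed) scan findings from dropped-packet log lines."""
    per_dst = defaultdict(lambda: defaultdict(set))  # dst -> src -> dropped ports
    for src, dst, dport in parse(lines):
        per_dst[dst][src].add(dport)
    single, distributed = [], []
    for dst, by_src in per_dst.items():
        # One source probing many ports on one host: a classic portscan.
        loud = sorted(s for s, ports in by_src.items() if len(ports) >= min_ports)
        single += [(s, dst, len(by_src[s])) for s in loud]
        # Sources each below the threshold whose combined port coverage is
        # scan-like: a candidate distributed scan against this host.
        quiet = {s: p for s, p in by_src.items() if s not in loud}
        union = set().union(*quiet.values())
        if len(quiet) >= 2 and len(union) >= min_ports:
            distributed.append((dst, sorted(quiet), len(union)))
    return single, distributed

if __name__ == "__main__":
    for finding in find_scans(SAMPLE_LOG.splitlines()):
        print(finding)
```

The flagged source addresses are what you would then look up in the web server and mail logs to follow the rest of the sequence described in the message.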