> I would like to know if it's a good choice to log packets that are being
> sent and received, and what the advantages are of logging packets on
> firewalls.

Yes, logging is a good thing. However, depending on the type of
firewall (private use, professional use or heavier) you might
want to log more and more. I know some companies that log
_everything_ :-).

> How much information can you see on logged packets, and where would
> you log the packets and protect the log from malicious hackers, trojan
> kids or script kids?

Logging will typically provide you with protocol type,
(probable!) source address and reason for denial. See ipchains
doc for more information.
You could log on another machine, this is common practice. If you
want to be absolutely sure about the logs, then connect through a
one-way serial line. Logging on a printer is a) not useful,
because it is very difficult to search for events and correlate
them, and b) opens you up to denial-of-service attacks, unless you
have a very fast printer, that is :-)

> We're using Linux Slackware 7.0.

I recently switched from Red Hat to Slackware to OpenBSD. I prefer
the latter to put it gently and with chances to open up a flame
war. The flame war is _not_ my intent! OpenBSD firewalls are
_much_ easier to maintain, much easier to develop and I think
inherently more secure. The additional advantage being that not a
lot of scripts are available for the script kiddies because it is
so much less used :-).
EJ
--
OpenBSD 2.6 on a sparc (32 MB) and a pentium 75 MHz (32 MB)
Linux 2.2.16 on a pentium 233 MHz (64 MB) and a sparc (32 MB)
FreeBSD 4.0 on a pentium 200 MHz (192 MB)
and the Mac LCII? Still doing nothing.
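
An added example, not part of the original post: a small Python parser that pulls the fields the reply mentions (protocol type, logged source address, and the chain, verdict and rule that caught the packet) out of ipchains kernel log lines and summarises denied packets per source. The sample lines are constructed, and the "Packet log:" layout is assumed to be the one described in the ipchains documentation.

```python
import re
from collections import Counter

# Constructed sample lines (documentation address ranges), in the kernel
# "Packet log:" layout assumed for ipchains rules that have logging enabled.
SAMPLE_LOG = """\
Jul 10 03:12:01 fw kernel: Packet log: input DENY eth0 PROTO=6 203.0.113.7:4312 192.0.2.10:23 L=60 S=0x00 I=4211 F=0x4000 T=52 SYN (#4)
Jul 10 03:12:02 fw kernel: Packet log: input DENY eth0 PROTO=6 203.0.113.7:4313 192.0.2.10:111 L=60 S=0x00 I=4212 F=0x4000 T=52 SYN (#4)
Jul 10 03:12:09 fw kernel: Packet log: input DENY eth0 PROTO=17 198.51.100.22:53 192.0.2.10:1025 L=34 S=0x00 I=18 F=0x0000 T=254 (#5)
Jul 10 03:13:40 fw kernel: Packet log: input ACCEPT eth0 PROTO=1 198.51.100.22:8 192.0.2.10:0 L=84 S=0x00 I=901 F=0x0000 T=60 (#2)
Jul 10 03:14:00 fw sshd[411]: unrelated line that must be skipped
"""

LINE_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<verdict>\S+) (?P<iface>\S+) "
    r"PROTO=(?P<proto>\d+) "
    r"(?P<src>\d+\.\d+\.\d+\.\d+):(?P<sport>\d+) "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+):(?P<dport>\d+)"
    r".*?(?: \(#(?P<rule>\d+)\))?\s*$"
)
PROTO_NAMES = {1: "icmp", 6: "tcp", 17: "udp"}

def parse_line(line):
    """Return a dict of fields for one packet-log line, or None if it is not one."""
    m = LINE_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    for key in ("proto", "sport", "dport"):
        rec[key] = int(rec[key])
    rec["rule"] = int(rec["rule"]) if rec["rule"] else None
    rec["proto_name"] = PROTO_NAMES.get(rec["proto"], str(rec["proto"]))
    return rec

def denied_by_source(text):
    """Count denied packets per logged source, with the (protocol, port) pairs hit.

    The source is only what the packet header claimed; it can be spoofed."""
    hits, targets = Counter(), {}
    for line in text.splitlines():
        rec = parse_line(line)
        if rec and rec["verdict"] in ("DENY", "REJECT"):
            hits[rec["src"]] += 1
            targets.setdefault(rec["src"], set()).add((rec["proto_name"], rec["dport"]))
    return [(src, n, sorted(targets[src])) for src, n in hits.most_common()]

if __name__ == "__main__":
    for src, count, ports in denied_by_source(SAMPLE_LOG):
        print(f"{src:<16} denied={count} targets={ports}")
```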