Hi, Pamela > We have been reading the firewalls mailing > list for a while. I have been becomming unhappy with that list > as it just has to do with firewalls, and they are one paranoid but > not very productive group. Beg to differ. They clearly pointed out the problems inherent in running Firewall 1. They also gave the correct packet filter for blocking IP spoofing attacks after CIAC and CERT issued the advisory. When the UN asked Cisco about blocking IP spoofing, Cisco told us that they didn't know what we were talking about. They do however have a lot of discussion which is of no concern to most system administrators. > Currently, I am trying to sell suid and iss. > ( Where is the latest ISS anyway? ) Suggest you take a look at Pingware from Bellcore. When I included some "secure" machines at undp.org in my weekly check for security holes, undp.org called CERT to say they had been hacked. Pingware is much more aggressive than ISS in expoiting security holes. > I am also trying to get cops running on ever system. The RAXCO Security Toolkit is the commercial equivalent of COPS. However, its menu interface and reporting facilities make it much easier to use across multiple systems then COPS. We use everything we can get our hands on, rather than sticking with a small group of products. Finally, if you do not see any threat from your Internet connection, perhaps you don't have adequate software to let you watch it closely enough. Hog Farmer Tropical Hog Improvement Programme