Most of the time, people focus on what is coming inbound toward their networks. This is quite understandable as the threat is usually considered outside of our perimeter and trying to come into our networks. However, looking at traffic in this fashion is sometimes very tedious. There is a lot that can get lost in the noise, especially if the analysis is done at the network edge. There is just so much "background noise" on the internet such as port scans, old malware lingering around, network probes, etc. There is a lot to filter through.
Lorna, ISC Handler, Feb 14th 2010
Good tip. It's surprising the amount of malware that can be caught just by blocking/logging outbound SMTP traffic, for instance.
Anonymous, Feb 16th 2010