Security Basics mailing list archives
RE: Network Traffic Monitor
From: "Bunting, Bob" <bbunting () fyinm org>
Date: Mon, 2 Aug 2004 18:22:01 -0600
I'm curious if anyone knows of any software, Windows or Linux, that can monitor all traffic going out of the network, particularly any unusual traffic. I had a computer infected with a mass mailing program that sent out enough traffic to lock up my firewall the other day, which is also the firewall for all our web/mail/app servers. Any ideas would be greatly appreciated. Thanks in advance.
An alternative that would solve the problem is to implement egress filtering on the firewall and log every hit on the ACL used to do the egress filtering. That way, you would keep your system from being abused by many of the current worms that carry their own SMTP engines and similar exploits, and you would have a way of identifying machines that require further investigation. Of course, Snort will look deeper and tell you more, and you should use it. An IDS is exactly what you are asking about in your post, and Snort will run on either Windows or Linux. But an egress filter is a better place to start for the problem you experienced.

Bob Bunting, PhD, CISSP, CCNA, Net+, MCP
Director of Information Systems
Families and Youth Inc.
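The egress filter and ACL logging suggested in the reply above, worked through as an added example (not code from the thread or its authors): a Linux iptables version of the filter, which permits outbound TCP/25 only from the mail relay, logs every other new SMTP connection attempt with a rate limit so a worm cannot flood the firewall's log, and drops the rest; plus a small parser that reads the resulting kernel LOG lines and ranks internal hosts by blocked attempts and distinct destinations, which is how you spot the machine that needs investigation. The addresses (192.0.2.25 as the relay, 192.0.2.0/24 as the LAN), interface names, the log prefix and the sample log lines are all constructed for the example.

```python
"""Outbound-SMTP egress filtering with logged ACL hits, and triage of those hits.

Added example, not from the original thread.  All addresses, interfaces and
log lines below are constructed for illustration.
"""
import re
from collections import defaultdict

MAIL_RELAY = "192.0.2.25"     # assumption: the only host that may send SMTP outbound
LAN = "192.0.2.0/24"          # assumption: the internal network behind the firewall
LOG_PREFIX = "EGRESS-SMTP-DENY: "


def egress_smtp_rules(mail_relay=MAIL_RELAY, lan=LAN, prefix=LOG_PREFIX):
    """Return the iptables FORWARD-chain rules for a minimal SMTP egress filter.

    Order matters: permit the relay, log each other new outbound TCP/25
    connection (rate-limited, so a mass mailer cannot lock up the firewall
    with log traffic), then drop everything else.  Returned as strings so
    the rules can be reviewed before being applied with root privileges.
    """
    return [
        f"iptables -A FORWARD -s {mail_relay} -p tcp --dport 25 -j ACCEPT",
        f"iptables -A FORWARD -s {lan} -p tcp --dport 25 -m conntrack --ctstate NEW "
        f"-m limit --limit 30/min --limit-burst 50 -j LOG --log-prefix '{prefix}'",
        f"iptables -A FORWARD -s {lan} -p tcp --dport 25 -j DROP",
    ]


# Fields the kernel LOG target writes for a TCP packet (SRC, DST, then PROTO/SPT/DPT).
_HIT = re.compile(r"SRC=(?P<src>\S+) DST=(?P<dst>\S+) .*?PROTO=TCP SPT=\d+ DPT=(?P<dpt>\d+)")


def triage(log_lines, prefix=LOG_PREFIX, min_hits=3):
    """Summarise blocked outbound-SMTP attempts per internal host.

    Returns [(src, hits, distinct_destinations), ...] sorted by hit count,
    keeping only hosts with at least `min_hits` blocked attempts.  A host
    hitting many distinct destinations on port 25 looks like a worm with
    its own SMTP engine rather than a misconfigured mail client.
    """
    hits = defaultdict(int)
    dsts = defaultdict(set)
    for line in log_lines:
        if prefix not in line:
            continue                      # some other firewall log line
        m = _HIT.search(line)
        if not m or m.group("dpt") != "25":
            continue
        hits[m.group("src")] += 1
        dsts[m.group("src")].add(m.group("dst"))
    rows = [(src, n, len(dsts[src])) for src, n in hits.items() if n >= min_hits]
    return sorted(rows, key=lambda r: (-r[1], r[0]))


# Constructed sample of what /var/log/kern.log would contain with the rules above:
# one host (192.0.2.77) hammering four different mail servers, one host making a
# single attempt, and one unrelated inbound-deny line that must be ignored.
_TAIL = "LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=1 DF PROTO=TCP SPT={spt} DPT={dpt} WINDOW=65535 RES=0x00 SYN URGP=0"
SAMPLE_LOG = [
    "Aug  2 18:20:01 fw kernel: EGRESS-SMTP-DENY: IN=eth1 OUT=eth0 SRC=192.0.2.77 DST=203.0.113.5 " + _TAIL.format(spt=3301, dpt=25),
    "Aug  2 18:20:01 fw kernel: EGRESS-SMTP-DENY: IN=eth1 OUT=eth0 SRC=192.0.2.77 DST=203.0.113.6 " + _TAIL.format(spt=3302, dpt=25),
    "Aug  2 18:20:02 fw kernel: EGRESS-SMTP-DENY: IN=eth1 OUT=eth0 SRC=192.0.2.77 DST=203.0.113.7 " + _TAIL.format(spt=3303, dpt=25),
    "Aug  2 18:20:02 fw kernel: EGRESS-SMTP-DENY: IN=eth1 OUT=eth0 SRC=192.0.2.77 DST=203.0.113.8 " + _TAIL.format(spt=3304, dpt=25),
    "Aug  2 18:20:05 fw kernel: EGRESS-SMTP-DENY: IN=eth1 OUT=eth0 SRC=192.0.2.40 DST=203.0.113.9 " + _TAIL.format(spt=4410, dpt=25),
    "Aug  2 18:20:06 fw kernel: INPUT-DENY: IN=eth0 OUT= SRC=198.51.100.9 DST=192.0.2.1 " + _TAIL.format(spt=5555, dpt=445),
]

if __name__ == "__main__":
    print("# rules to review, then apply as root:")
    for rule in egress_smtp_rules():
        print(rule)
    print("# hosts with blocked outbound SMTP (src, hits, distinct destinations):")
    for row in triage(SAMPLE_LOG):
        print(row)
```

The rules are emitted as text rather than executed so they can be checked against the real relay address first; once applied, the only internal host that should ever appear in the `EGRESS-SMTP-DENY` lines is a misconfigured client, so a host with dozens of hits to distinct destinations is the one to pull off the network. The same filter on a Cisco router is an extended ACL applied outbound, with a `permit tcp host <relay> any eq smtp` line followed by `deny tcp any any eq smtp log`; the `log` keyword produces the per-hit records the reply recommends keeping.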
Current thread:
- RE: Network Traffic Monitor Thomas T. Evans, III (Aug 02)
- <Possible follow-ups>
- RE: Network Traffic Monitor Paris E. Stone (Aug 02)
- Re: Network Traffic Monitor Ronish Mehta (Aug 02)
- RE: Network Traffic Monitor Bunting, Bob (Aug 03)
- Re: Network Traffic Monitor jason.heschel (Aug 04)