Security Basics mailing list archives

RE: Network Traffic Monitor


From: "Bunting, Bob" <bbunting () fyinm org>
Date: Mon, 2 Aug 2004 18:22:01 -0600

I'm curious if anyone knows of any software Windows or Linux that can
monitor all traffic going out of the network, particularly any unusual
traffic. I had a computer infected with a mass mailing program that sent
out enough traffic to lock up my firewall the other day, which is also the
firewall for all our web/mail/app servers. Any ideas would be greatly
appreciated. Thanks in advance.

An alternative that would solve the problem is to implement egress filtering on the firewall and log every hit on the 
ACL used to do the egress filtering.  That way, you would keep your system from being abused by many of the current 
worms that carry their own SMTP engines and similar exploits and you would have a way of identifying machines that 
require further investigation.  Of course, Snort will look deeper and tell you more and you should use it.  An IDS is 
exactly what you are asking about in your post and Snort will run on either Windows or Linux.  But an egress filter is 
a better place to start for the problem you experienced.  

Bob Bunting, PhD, CISSP, CCNA, Net+, MCP
Director of Information Systems
Families and Youth Inc.
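The egress-filter-plus-logging approach above can be turned into a simple triage script. This is an added example, not code from the thread; it assumes an iptables LOG rule with the prefix EGRESS-SMTP-DENY, a LAN on 192.0.2.0/24, a legitimate mail server at 192.0.2.25, and constructed log lines.

```python
import re
from collections import Counter, defaultdict

# Constructed iptables LOG lines (not from the original message), as written
# by an assumed egress rule such as:
#   iptables -A FORWARD -o eth0 -p tcp --dport 25 ! -s 192.0.2.25 \
#            -j LOG --log-prefix "EGRESS-SMTP-DENY "
# followed by an identical rule with -j DROP.  192.0.2.25 is the assumed
# legitimate mail server and is the only host allowed to send SMTP outbound.
MAIL_SERVER = "192.0.2.25"

SAMPLE_LOG = """\
Aug  2 18:01:03 fw kernel: EGRESS-SMTP-DENY IN=eth1 OUT=eth0 SRC=192.0.2.77 DST=198.51.100.9 PROTO=TCP SPT=1034 DPT=25
Aug  2 18:01:03 fw kernel: EGRESS-SMTP-DENY IN=eth1 OUT=eth0 SRC=192.0.2.77 DST=198.51.100.10 PROTO=TCP SPT=1035 DPT=25
Aug  2 18:01:04 fw kernel: EGRESS-SMTP-DENY IN=eth1 OUT=eth0 SRC=192.0.2.77 DST=203.0.113.4 PROTO=TCP SPT=1036 DPT=25
Aug  2 18:01:09 fw kernel: EGRESS-SMTP-DENY IN=eth1 OUT=eth0 SRC=192.0.2.12 DST=198.51.100.9 PROTO=TCP SPT=2201 DPT=25
Aug  2 18:02:15 fw kernel: EGRESS-SMTP-DENY IN=eth1 OUT=eth0 SRC=192.0.2.77 DST=203.0.113.5 PROTO=TCP SPT=1037 DPT=25
"""

LINE_RE = re.compile(r"EGRESS-SMTP-DENY .*?SRC=(\S+) DST=(\S+) .*?DPT=(\d+)")

def parse_denies(log_text):
    """Return (src, dst, dport) tuples for every logged egress-ACL hit."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            hits.append((m.group(1), m.group(2), int(m.group(3))))
    return hits

def suspect_hosts(hits, min_hits=3, min_destinations=2):
    """Internal hosts whose blocked SMTP attempts exceed both thresholds.
    A worm with its own SMTP engine fans out to many destinations; a single
    misconfigured client usually retries one relay, so both counts are kept."""
    counts = Counter()
    dests = defaultdict(set)
    for src, dst, dport in hits:
        if dport != 25 or src == MAIL_SERVER:
            continue
        counts[src] += 1
        dests[src].add(dst)
    return {src: (n, len(dests[src])) for src, n in counts.items()
            if n >= min_hits and len(dests[src]) >= min_destinations}

if __name__ == "__main__":
    for host, (n, d) in suspect_hosts(parse_denies(SAMPLE_LOG)).items():
        print(f"{host}: {n} blocked SMTP attempts to {d} destinations")
```

Hosts reported here are the ones to pull for further investigation; the single-hit host is left out so one stray connection does not page anyone.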
