RE: Looking for IP Address logging / monitor Application

["Malick Sy" <sy_malick () hotmail com>]

 I believe you may be concentrating on the wrong area..arpwatch monitors
local device mac to ip pairings and can send emails everytime a new MAC/IP
pairing is detected..

http://www.securityfocus.com/tools/142

I don’t know of any tool that can do exactly what you request, guess that is
the job of ids/ips devices, firewalls and proxy servers..Good luck and let
us know if you find an app that addresses the req. Ciao


-----Original Message-----
From: blaze spinnaker [mailto:blazespinnaker () gmail com] 
Sent: 03 February 2010 09:06
To: Malick Sy
Cc: security-basics () securityfocus com
Subject: Re: Looking for IP Address logging / monitor Application

I want to be able to view traffic by good and bad ip addresses.  Kind of
like link logger or wallwatcher, but something much more straightforward and
simple.

Basically, I have a set of IP addresses which are OK to send UDP or TCP
packets from my network.

If there is any outgoing traffic to an IP address that is not in the OK list
then I want to flag and show it and be given the opportunity to put it in
the good list.

"Like a firewall? Or ACL?
Other than that, if you get compromised/infected in the future, you may be
missing half the picture if you focus your investigation only on the "bad"
IPs.
"

I have firewalls/routers, virus detection, etc.    I agree, if I get
compromised then there are other steps I want to take.

However, it seems to me, the only real way to be assured that I compromised
is to make sure outgoing traffic from my network is only going to 'good' ip
addresses, even then of course you can't be sure.

Of course, if I get hit by a zero day root kit virus which is staged from my
banking website, what can I really do?  What can anyone do?


On Tue, Feb 2, 2010 at 2:31 AM, Malick Sy <sy_malick () hotmail com> wrote:
> Sorry but your requirement is not clear?
> What is good IP in your view? And why would you spend time creating a 
> list of such characteristics. What exactly are you trying to do?
> Are you trying to sniff the network? And run a program to analyse the 
> saved captures for certain IP ranges?
>
> Apologies if this isn't very helpful, but your requirements aren't clear.
> Say exactly what you want to do, and someone might point you in the 
> right direction.
>
> -----Original Message-----
> From: listbounce () securityfocus com 
> [mailto:listbounce () securityfocus com] On Behalf Of blaze spinnaker
> Sent: 01 February 2010 07:26
> To: security-basics () securityfocus com
> Subject: Looking for IP Address logging / monitor Application
>
> I posted this on PenTest but realize now that it's probably more 
> appropriate for this list.
>
> Pretty specific needs .. just want something that will show a list of 
> good and bad IP addresses that are churning through my windows computer.
> Good ip addresses are addresses I've set to be good and bad ip 
> addresses are ip addreses I either have yet to set as good or I've set as
bad.
> Prefer something I don't have to have a seperate pcap program for, but 
> is all in one.
>
> So, imagine an app with two tables.   one table on top with the bad ip 
> addresses and one table on the bottom with the good ip addresses, and 
> the ability to click to make the system remember in the future which 
> table to put the ip address in.
> Should do host name lookups as well.
>
> Anyone know of such a thing?  Open source would be ideal!
> Cheers,
> Blaze.
>
> ----------------------------------------------------------------------
> -- Securing Apache Web Server with thawte Digital Certificate In this 
> guide we examine the importance of Apache-SSL and who needs an SSL 
> certificate.  We look at how SSL works, how it benefits your company 
> and how your customers can tell if a site is secure. You will find out 
> how to test, purchase, install and use a thawte Digital Certificate on 
> your Apache web server.
> Throughout, best practices for set-up are highlighted to help you 
> ensure efficient ongoing management of your encryption keys and 
> digital certificates.
>
> http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be4
> 42f727
> d1
> ----------------------------------------------------------------------
> --
>
>
>
> ----------------------------------------------------------------------
> -- Securing Apache Web Server with thawte Digital Certificate In this 
> guide we examine the importance of Apache-SSL and who needs an SSL
certificate.  We look at how SSL works, how it benefits your company and how
your customers can tell if a site is secure. You will find out how to test,
purchase, install and use a thawte Digital Certificate on your Apache web
server. Throughout, best practices for set-up are highlighted to help you
ensure efficient ongoing management of your encryption keys and digital
certificates.
> http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be4
> 42f727d1
> ----------------------------------------------------------------------
> --


------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------