Firewall Wizards mailing list archives

RE: potential network attacks


From: "Wayne T Work" <securitygauntlet () snet net>
Date: Fri, 14 Dec 2001 22:14:49 -0500

Paul,

Ethereal does work on NT with Winpcap, Windump is also available, Snort is
very easy to set up on Windows with a quick look at www.silicondefence.com.
The white paper there is pretty straightforward. To make this all possible,
it is ALL free!!!

-----Original Message-----
From: firewall-wizards-admin () nfr com
[mailto:firewall-wizards-admin () nfr com]On Behalf Of Paul Robertson
Sent: Thursday, December 13, 2001 7:52 PM
To: Daniel Handley
Cc: firewall-wizards () nfr com
Subject: Re: [fw-wiz] potential network attacks


On Thu, 13 Dec 2001, Daniel Handley wrote:

> packet sniffer to view the traffic entering the network.
> unfortunately i have no budget (or maybe a very small one) and must use the
> dos/windows/nt environment.

Ethereal.

> i have been following the discussions recently about snort, ethereal, etc
> but am under pressure to have a result yesterday and so don't have time for
> any evaluation.
> can you please suggest a solution

So load Ethereal and the NT pcap stuff and see if it meets your needs.
It's not like it costs more than 5 minutes of time, unless you include the
usual fumbling to make it use the right interface under Windows- but if
you already know that it won't work without the extra click, it's only 5
seconds more than the 5 minutes to load pcap and Ethereal and read the
basic docs.  You can even skip the docs.

It probably took you longer to type the note than it would have to load
Ethereal, and sooner or later you'll need it for network diagnostics
anyway.


> thanks in advance
>
> dan
>
> in addition does anyone know of a way to get logs (and decipher them) from
> the pix without using the nt syslog server that kills tcp connections when
> disconnected (not any good for web hosting). i intend to use snmp in the
> future but as usual haven't had the time to implement it yet. thanks
> again.


Is there a good reason that you're allergic to *nix-based syslogd?
There's some natural protection in heterogeneous environments, and SNMP
hasn't historically been the most appropriate choice for DMZs.

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
proberts () patriot net      which may have no basis whatsoever in fact."

_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards
