RE: potential network attacks

[John Adams <jna () retina net>]

No budget? Then why look at commercial products? $1500 to open an
interface in promiscious mode is insanity.

Take your dos box, install winpcap and tcpdump, or install linux and run
tcpdump or any number of network traffic analysis tools freely available
on the 'net.

-j


On Fri, 14 Dec 2001, Wayne T Work wrote:

> Paul,
>
> Ethereal does work on NT with Winpcap, Windump is also available, Snort is
> very easy to set up on Windows with a quick look at www.silicondefence.com.
> The white paper there is pretty straight forward. To make this all possible,
> it is ALL free!!!
>
> -----Original Message-----
> From: firewall-wizards-admin () nfr com
> [mailto:firewall-wizards-admin () nfr com]On Behalf Of Paul Robertson
> Sent: Thursday, December 13, 2001 7:52 PM
> To: Daniel Handley
> Cc: firewall-wizards () nfr com
> Subject: Re: [fw-wiz] potential network attacks
>
>
> On Thu, 13 Dec 2001, Daniel Handley wrote:
>
> > packet sniffer to view the traffic entering the network.
> > unfortunately i have no budget (or maybe a very small one) and must use
> the
> > dos/windows/nt environment.
>
> Ethereal.
>
> > i have been following the discussions recently about snort, ethereal, etc
> > but am under pressure to have a result yesterday and so don't have time
> for
> > any evaluation.
> > can you please suggest a solution
>
> So load Ethereal and the NT pcap stuff and see if it meets your needs.
> It's not like it costs more than 5 minutes of time, unless you include the
> usual fumbling to make it use the right interface under Windows- but if
> you already know that it won't work without the extra click, it's only 5
> seconds more than the 5 minutes to load pcap and Ethereal and read the
> basic docs.  You can even skip the docs.
>
> It probably took you longer to type the note than it would have to load
> Ethereal, and sooner or later you'll need it for network diagnostics
> anyway.
>
> > thanks in advance
> >
> > dan
> >
> > in addition does anyone know of a way to get logs (and decipher them) from
> > the pix without using the nt syslog server that kills tcp connections when
> > disconnected (not any good for web hosting). i intend to use snmp in the
> > future but as usual haven't had the time to implement it yet. thanks
> again.
> >
>
> Is there a good reason that you're allergic to *nix-based syslogd?
> There's some natural protection in hetrogeneous environments, and SNMP
> hasn't historically been the most appropriate choice for DMZs.
>
> Paul
> ----------------------------------------------------------------------------
> -
> Paul D. Robertson      "My statements in this message are personal opinions
> proberts () patriot net      which may have no basis whatsoever in fact."
>
> _______________________________________________
> firewall-wizards mailing list
> firewall-wizards () nfr com
> http://list.nfr.com/mailman/listinfo/firewall-wizards
>
> _______________________________________________
> firewall-wizards mailing list
> firewall-wizards () nfr com
> http://list.nfr.com/mailman/listinfo/firewall-wizards

--
J. Adams                                        http://www.retina.net/~jna
... and god divided the light from the darkness, and god called the
light day and the darkness he called night... and god created man, and
man created machine; and machine, machine created music, and the
machine saw everything it had made, and it said, "Behold."




_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards