Firewall Wizards mailing list archives
RE: potential network attacks
From: John Adams <jna () retina net>
Date: Sat, 15 Dec 2001 17:46:48 -0500 (EST)
No budget? Then why look at commercial products? $1500 to open an interface in promiscious mode is insanity. Take your dos box, install winpcap and tcpdump, or install linux and run tcpdump or any number of network traffic analysis tools freely available on the 'net. -j On Fri, 14 Dec 2001, Wayne T Work wrote:
Paul, Ethereal does work on NT with Winpcap, Windump is also available, Snort is very easy to set up on Windows with a quick look at www.silicondefence.com. The white paper there is pretty straight forward. To make this all possible, it is ALL free!!! -----Original Message----- From: firewall-wizards-admin () nfr com [mailto:firewall-wizards-admin () nfr com]On Behalf Of Paul Robertson Sent: Thursday, December 13, 2001 7:52 PM To: Daniel Handley Cc: firewall-wizards () nfr com Subject: Re: [fw-wiz] potential network attacks On Thu, 13 Dec 2001, Daniel Handley wrote:packet sniffer to view the traffic entering the network. unfortunately i have no budget (or maybe a very small one) and must usethedos/windows/nt environment.Ethereal.i have been following the discussions recently about snort, ethereal, etc but am under pressure to have a result yesterday and so don't have timeforany evaluation. can you please suggest a solutionSo load Ethereal and the NT pcap stuff and see if it meets your needs. It's not like it costs more than 5 minutes of time, unless you include the usual fumbling to make it use the right interface under Windows- but if you already know that it won't work without the extra click, it's only 5 seconds more than the 5 minutes to load pcap and Ethereal and read the basic docs. You can even skip the docs. It probably took you longer to type the note than it would have to load Ethereal, and sooner or later you'll need it for network diagnostics anyway.thanks in advance dan in addition does anyone know of a way to get logs (and decipher them) from the pix without using the nt syslog server that kills tcp connections when disconnected (not any good for web hosting). i intend to use snmp in the future but as usual haven't had the time to implement it yet. thanksagain.Is there a good reason that you're allergic to *nix-based syslogd? There's some natural protection in hetrogeneous environments, and SNMP hasn't historically been the most appropriate choice for DMZs. Paul ---------------------------------------------------------------------------- - Paul D. Robertson "My statements in this message are personal opinions proberts () patriot net which may have no basis whatsoever in fact." _______________________________________________ firewall-wizards mailing list firewall-wizards () nfr com http://list.nfr.com/mailman/listinfo/firewall-wizards _______________________________________________ firewall-wizards mailing list firewall-wizards () nfr com http://list.nfr.com/mailman/listinfo/firewall-wizards
-- J. Adams http://www.retina.net/~jna ... and god divided the light from the darkness, and god called the light day and the darkness he called night... and god created man, and man created machine; and machine, machine created music, and the machine saw everything it had made, and it said, "Behold." _______________________________________________ firewall-wizards mailing list firewall-wizards () nfr com http://list.nfr.com/mailman/listinfo/firewall-wizards
Current thread:
- Re: Blocking at firewall via MAC address, (continued)
- Re: Blocking at firewall via MAC address Ryan Russell (Dec 15)
- Re: Blocking at firewall via MAC address Jeffrey Macko (Dec 15)
- Re: Blocking at firewall via MAC address Mark Coleman (Dec 15)
- Re: Blocking at firewall via MAC address Roelof JT Jonkman (Dec 22)
- Re: potential network attacks Tony Howlett (Dec 14)
- potential network attacks Daniel Handley (Dec 14)
- Re: potential network attacks Paul Robertson (Dec 14)
- Re: potential network attacks black (Dec 15)
- Re: potential network attacks Paul Robertson (Dec 16)
- RE: potential network attacks Wayne T Work (Dec 15)
- RE: potential network attacks John Adams (Dec 16)
- Re: potential network attacks black (Dec 15)
- Re: potential network attacks Shahryar Jahangir (Dec 14)
- RE: potential network attacks Tin Ngo (Dec 15)