Security Incidents mailing list archives
Re: FW-1 log analysis tool
From: lance () SPITZNER NET (Lance Spitzner)
Date: Sat, 10 Jun 2000 08:55:58 -0500
On Fri, 9 Jun 2000, Chew Poh Chang (CAPL) wrote:
In particular, I am looking for a tool which highlights the security incidents from a firewall-1 log, I don't care about bandwidth utilisation, web site hits, top X sources/destinations (except where this might indicate a scan/hack attempt.)
I developed a shell script that does just this, but with real time alerting capability. I and others have been using it for quite a while with great success.
http://www.enteract.com/~lspitz/intrusion.html
hope that helps :)
Lance Spitzner
http://www.enteract.com/~lspitz/papers.html