nanog mailing list archives
Using snort to detect if your users are doing interesting things?
From: "Drew Weaver" <drew.weaver () thenap com>
Date: Thu, 9 Jun 2005 11:45:54 -0400
Howdy, I am not sure if this is the proper place, if not I've noticed you guys know what to do so I'll put the fire retardant suit on now. Recently due to growth we have seen an influx of "different" and "interesting" types of characters ending up on our network. They like to do all sorts of things, port scan /8s spam, setup botnets with the controllers hosted on my network.. etc. I'm wondering what is the best way to detect people doing these things on my end. I realize there are methods to protect myself from people attacking from the outside but I'm not real sure how to pinpoint who is really being loud on the inside. I did have one somewhat silly question.. if you look at the statistics of a Fast Ethernet port, and it is doing both 2000 pps out, and 2000 pps in (pretty much equal in/out) but hardly any bandwidth at all can anyone think of a single application that would mimic that behavior? Sorry if this is elementary network school knowledge. -Drew
Current thread:
- Using snort to detect if your users are doing interesting things? Drew Weaver (Jun 09)
- Re: Using snort to detect if your users are doing interesting things? Thor Lancelot Simon (Jun 09)
- Re: Using snort to detect if your users are doing interesting things? trainier (Jun 09)
- Re: Using snort to detect if your users are doing interesting things? Steven M. Bellovin (Jun 09)
- Re: Using snort to detect if your users are doing interesting things? Christian Kuhtz (Jun 09)
- Re: Using snort to detect if your users are doing interesting things? Randy Bush (Jun 09)
- Re: Using snort to detect if your users are doing interesting things? Kim Onnel (Jun 09)
- Re: Using snort to detect if your users are doing interesting things? Jeroen Massar (Jun 10)
- Re: Using snort to detect if your users are doing interesting things? trainier (Jun 09)
- Re: Using snort to detect if your users are doing interesting things? Thor Lancelot Simon (Jun 09)
- Re: Using snort to detect if your users are doing interesting things? Christian Kuhtz (Jun 09)