Security Basics mailing list archives
RE: Network Traffic Monitor
From: "Burton M. Strauss III" <BStrauss () acm org>
Date: Thu, 8 Apr 2004 10:22:08 -0500
One of the clever things our users do with ntop is to create a filter that eliminates 'normal' traffic. You then use ntop to monitor for things you don't expect to see.

For example, say you are monitoring your DMZ, where your mail server is a.b.c.2 and your web server is a.b.c.3. Running ntop with the filter (standard bpf filter syntax): "not ((host a.b.c.2 and port 25) or (host a.b.c.3 and port 80))" will collect only DMZ traffic other than the services you think you provide.

During one of the last worm attacks, one user created this type of instance, identified the infected user and had them blown off the network inside of 15 minutes. End of problem.

Check out the new v3.0 -- lots more stable, lots of new features and fixes - available @ SourceForge!

-----Burton
-----Original Message-----
From: C.Brauckmiller () lek com [mailto:C.Brauckmiller () lek com]
Sent: Wednesday, April 07, 2004 12:23 PM
To: Jason Haith
Cc: securityfocus
Subject: Re: Network Traffic Monitor

NTOP
Both *nix and Win32 ports available.
www.ntop.org
Craig
<snip />
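The exclusion filter described in the message above, as an added example that is not part of the original post or of ntop: it builds the same "not (expected services)" BPF expression from an allowlist and mirrors its matching rules over constructed flows to show what would still reach the monitor. The addresses (documentation ranges standing in for a.b.c.2 and a.b.c.3), the `Flow` type and all function names are assumptions, and the matcher ignores protocol, as an unqualified BPF `port` does.

```python
from typing import NamedTuple

class Flow(NamedTuple):
    src: str
    sport: int
    dst: str
    dport: int

# Constructed allowlist: documentation addresses stand in for a.b.c.2 / a.b.c.3.
EXPECTED = [("192.0.2.2", 25), ("192.0.2.3", 80)]

def build_filter(expected):
    """Return the 'everything except expected services' BPF expression."""
    if not expected:
        raise ValueError("empty allowlist would exclude nothing")
    clauses = []
    for host, port in expected:
        if not 0 < port < 65536:
            raise ValueError(f"bad port {port}")
        clauses.append(f"(host {host} and port {port})")
    return "not (" + " or ".join(clauses) + ")"

def is_unexpected(flow, expected):
    """Mirror the filter: 'host' and 'port' each match source OR destination."""
    for host, port in expected:
        if host in (flow.src, flow.dst) and port in (flow.sport, flow.dport):
            return False   # looks like a service we provide, so it is filtered out
    return True            # passes the filter, so the monitor would show it

# Constructed sample flows.
FLOWS = [
    Flow("198.51.100.7", 40312, "192.0.2.2", 25),  # inbound SMTP to the mail server
    Flow("192.0.2.3", 80, "198.51.100.9", 51544),  # web server reply
    Flow("192.0.2.3", 41000, "203.0.113.5", 445),  # web server initiating SMB
    Flow("192.0.2.2", 39001, "203.0.113.8", 25),   # mail server sending outbound SMTP
    Flow("192.0.2.9", 1434, "192.0.2.2", 1434),    # other DMZ host, unexpected port
]

def unexpected_flows(flows=FLOWS, expected=EXPECTED):
    return [f for f in flows if is_unexpected(f, expected)]

if __name__ == "__main__":
    print(build_filter(EXPECTED))
    for f in unexpected_flows():
        print("UNEXPECTED", f)
```

Because `host` and `port` are direction-agnostic, the mail server's own outbound connections to port 25 elsewhere are also treated as normal and hidden; add `dst` qualifiers to the clauses if that traffic should stay visible.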