Re: Network Traffic Monitor

[Miguel Ángel Pérez Muñoz <g-andromeda () iespana es>]

I think that better solution is sniffing all packets which remote point are
port 109, 110 and 25 (pop2, pop3 and smtp ports). One of your host have a
lot of conections, this is the host infected, but if you try this method,
the sniffer needs to be instaled between firewall and switches:

T1's > Router > Firewall > Switches > All servers and PC's
                                      ^ Sniffer.
----- Original Message ----- 
From: "Jason Haith" <jhaith () genesissys com>
To: "securityfocus" <security-basics () securityfocus com>
Sent: Wednesday, April 07, 2004 2:37 PM
Subject: Network Traffic Monitor


> I'm curious if anyone knows of any software Windows or Linux that can
> monitor all traffic going out of the network, particularly any unusual
> traffic. I had a computer infected with a mass mailing program that sent
out
> enough traffic to lock up my firewall the other day, which is also the
> firewall for all our web/mail/app servers. Any ideas would be greatly
> appreciated. Thanks in advance.
>
> Network Layout
> T1's > Router > Firewall > Switches > All servers and PC's
>
>
>
>
> Jason Haith
> Systems Administrator
> Genesis Systems
> 5712 S. 77th St
> Omaha, NE 68127
> Email: jhaith () genesissys com
>
>
> --------------------------------------------------------------------------
-
> Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
> any course! All of our class sizes are guaranteed to be 10 students or
less
> to facilitate one-on-one interaction with one of our expert instructors.
> Attend a course taught by an expert instructor with years of in-the-field
> pen testing experience in our state of the art hacking lab. Master the
skills
> of an Ethical Hacker to better assess the security of your organization.
> Visit us at:
> http://www.infosecinstitute.com/courses/ethical_hacking_training.html
> --------------------------------------------------------------------------
--
> ---Publicidad--------------------------------------------------------
> Únete a los miles de sin pareja en Meetic... ¡te vas a enamorar!
> http://www.iespana.es/_reloc/email.meetic


---Publicidad--------------------------------------------------------
Juega con Ventura24.es, lotería inteligente y multiplica tus
posibilidades!! http://www.iespana.es/_reloc/email.ventura



---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off 
any course! All of our class sizes are guaranteed to be 10 students or less 
to facilitate one-on-one interaction with one of our expert instructors. 
Attend a course taught by an expert instructor with years of in-the-field 
pen testing experience in our state of the art hacking lab. Master the skills 
of an Ethical Hacker to better assess the security of your organization. 
Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------