RE: Monitor XP (ICS ) client connections?

["David Gillett" <gillettdavid () fhda edu>]

  I neglected to mention that changing the network topology is
not going to be a popular answer.  The current Internet connection
is by way of a device that connects to the gateway machine via USB, 
so inserting a router between the two cannot easily be done.

  However, I believe most of the suggestions I've received so far 
will show the external address of the gateway and not the internal
address of the client, unless they're actually installed on the 
client instead of the gateway.  This solution at least avoids that
problem.

David Gillett


> -----Original Message-----
> From: Garzona, Harry [mailto:GarzoHa () ffhsj com]
> Sent: Sunday, April 25, 2004 8:38 AM
> To: Meidinger Chris; gillettdavid () fhda edu;
> security-basics () securityfocus com
> Subject: RE: Monitor XP (ICS ) client connections?
>
>
> Dave:
>
>     For a few dollars your friend can go out and purchase a 
> small router
> (Linksys, netgear, etc) that does NAT and has logging 
> capabilities. This
> would be the user level quick solution because it will identify the IP
> address of the machine and the sites visited in a simple to read
> interface. Most devices will even e-mail you the logs.
> Hope this helps,
>
> Harry
>
> -----Original Message-----
> From: Meidinger Chris [mailto:chris.meidinger () badenit de] 
> Sent: Thursday, April 22, 2004 12:51 PM
> To: gillettdavid () fhda edu; security-basics () securityfocus com
> Subject: RE: Monitor XP (ICS ) client connections?
>
> Hi Dave,
>
> is he looking for specific sites, or does he want to analyze 
> traffic to
> check what his employees are up to? If he is looking for 
> specific sites,
> a
> simple logging proxy server with grep would be the simplest. 
> If he needs
> some kind of interface where he can click through the sites that his
> employees have visited, then I think Edward Miller's 
> suggestions should
> be
> fine.
>
> It just depends what he is monitoring for.
>
> Cheers,
>
> Chris Meidinger
>
> > -----Original Message-----
> > From: David Gillett [mailto:gillettdavid () fhda edu] 
> > Sent: Monday, April 19, 2004 6:59 PM
> > To: security-basics () securityfocus com
> > Subject: Monitor XP (ICS ) client connections?
> >
> >   A friend who runs a small business (across the continent 
> > from me, currently) is using XP with connection sharing, and 
> > has expressed concern that some of his employees may be 
> > endangering the network by visiting URLs they shouldn't.  
> > He'd like to be able to do some basic monitoring of the ICS 
> > connection, without getting into full-blown sniffing and 
> > packet disassembly.
> >
> >   Can anyone recommend (or, based on experience, recommend 
> > against!) tools for this job?  It doesn't have to be in real 
> > time, it's okay if it sits in the background collecting info 
> > and he just checks it every now and then.
> >
> > Dave Gillett
> >
> >
> >
> > --------------------------------------------------------------
> > -------------
> > Ethical Hacking at the InfoSec Institute. Mention this ad and 
> > get $545 off any course! All of our class sizes are 
> > guaranteed to be 10 students or less to facilitate one-on-one 
> > interaction with one of our expert instructors. 
> > Attend a course taught by an expert instructor with years of 
> > in-the-field pen testing experience in our state of the art 
> > hacking lab. Master the skills of an Ethical Hacker to better 
> > assess the security of your organization. 
> > Visit us at: 
> http://www.infosecinstitute.com/courses/ethical_hacking_training.html
> > --------------------------------------------------------------
> > --------------
>
> --------------------------------------------------------------
> ----------
> ---
> Ethical Hacking at the InfoSec Institute. Mention this ad and get $545
> off 
> any course! All of our class sizes are guaranteed to be 10 students or
> less 
> to facilitate one-on-one interaction with one of our expert 
> instructors.
>
> Attend a course taught by an expert instructor with years of
> in-the-field 
> pen testing experience in our state of the art hacking lab. Master the
> skills 
> of an Ethical Hacker to better assess the security of your 
> organization.
>
> Visit us at: 
> http://www.infosecinstitute.com/courses/ethical_hacking_training.html
> --------------------------------------------------------------
> ----------
> ----
>
>
>
>
>
> _______________________
> Confidentiality Notice:  The information contained in this 
> e-mail and any attachments may be legally privileged and 
> confidential.  If you are not an intended recipient, you are 
> hereby notified that any dissemination, distribution or 
> copying of this e-mail is strictly prohibited.  If you have 
> received this e-mail in error, please notify the sender and 
> permanently delete the e-mail and any attachments 
> immediately.  You should not retain, copy or use this e-mail 
> or any attachment for any purpose, nor disclose all or any 
> part of the contents to any other person.   Thank you.

---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off 
any course! All of our class sizes are guaranteed to be 10 students or less 
to facilitate one-on-one interaction with one of our expert instructors. 
Attend a course taught by an expert instructor with years of in-the-field 
pen testing experience in our state of the art hacking lab. Master the skills 
of an Ethical Hacker to better assess the security of your organization. 
Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------