Re: potential network attacks

[Paul Robertson <proberts () patriot net>]

On Thu, 13 Dec 2001, Daniel Handley wrote:

> packet sniffer to view the traffic entering the network.
> unfortunately i have no budget (or maybe a very small one) and must use the
> dos/windows/nt environment.

Ethereal.

> i have been following the discussions recently about snort, ethereal, etc
> but am under pressure to have a result yesterday and so don't have time for
> any evaluation.
> can you please suggest a solution

So load Ethereal and the NT pcap stuff and see if it meets your needs.
It's not like it costs more than 5 minutes of time, unless you include the
usual fumbling to make it use the right interface under Windows- but if
you already know that it won't work without the extra click, it's only 5
seconds more than the 5 minutes to load pcap and Ethereal and read the
basic docs.  You can even skip the docs.

It probably took you longer to type the note than it would have to load
Ethereal, and sooner or later you'll need it for network diagnostics
anyway.

> thanks in advance
>
> dan
>
> in addition does anyone know of a way to get logs (and decipher them) from
> the pix without using the nt syslog server that kills tcp connections when
> disconnected (not any good for web hosting). i intend to use snmp in the
> future but as usual haven't had the time to implement it yet. thanks again.

Is there a good reason that you're allergic to *nix-based syslogd?
There's some natural protection in hetrogeneous environments, and SNMP
hasn't historically been the most appropriate choice for DMZs.

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
proberts () patriot net      which may have no basis whatsoever in fact."

_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards