Security Incidents mailing list archives
Re: traffic logging
From: lance () SPITZNER NET (Lance Spitzner)
Date: Thu, 27 Apr 2000 06:50:54 -0500
On Wed, 26 Apr 2000, Jon Burdge wrote:
> I've been seeing a lot of odd traffic on several of my machines and I was wondering what you folks suggest for logging traffic on a single machine. Several of the machines are Linux boxes, and I'd like the ability to log in depth. Things I'd like to capture would include things like stealth scans and odd packets.
I've had great success with snort. It can do everything TCPDump can do (even stores traces in TCPDump format). Also, it has extensive IDS capabilities (combined with whitehats.com) and in-depth packet logging (to include keystroke logging). You can find snort at http://www.clark.net/~roesch/security.html

Lance Spitzner
http://www.enteract.com/~lspitz/papers.html
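As an added illustration of the setup Lance recommends (this is not code from either message): a small Snort rule file that flags the TCP flag combinations typical of stealth scans, alongside the snort invocations that log full packets in tcpdump format. Assumptions: snort and tcpdump are installed, 192.168.1.0/24 is a placeholder for the monitored network, and the option names are those of Snort 1.6+/2.x (-c, -b, -l, -A, -r).

```shell
#!/bin/sh
# Added example, not from the thread. Assumes snort/tcpdump are installed;
# 192.168.1.0/24 is a placeholder network; options are Snort 1.6+/2.x names.
set -eu

# write_scan_rules FILE: rules for TCP flag combinations no normal client
# sends.  flags:0 means "no flags set"; F=FIN, P=PSH, U=URG, S=SYN.
# sid values of 1000000 and up are the range reserved for local rules.
write_scan_rules() {
    cat > "$1" <<'EOF'
var HOME_NET 192.168.1.0/24
alert tcp any any -> $HOME_NET any (msg:"SCAN NULL - no TCP flags"; flags:0; sid:1000001; rev:1;)
alert tcp any any -> $HOME_NET any (msg:"SCAN FIN only"; flags:F; sid:1000002; rev:1;)
alert tcp any any -> $HOME_NET any (msg:"SCAN XMAS FIN+PSH+URG"; flags:FPU; sid:1000003; rev:1;)
alert tcp any any -> $HOME_NET any (msg:"SCAN SYN+FIN"; flags:SF; sid:1000004; rev:1;)
EOF
}

# count_rules FILE: number of alert rules, a sanity check before loading.
count_rules() { grep -c '^alert ' "$1"; }

# capture_all_cmd LOGDIR: packet-logger mode, every packet on the wire
# stored in binary tcpdump format (-b), so nothing odd is missed.
capture_all_cmd() { echo "snort -b -l '$1'"; }

# detect_scans_cmd RULES LOGDIR: NIDS mode with the rules above; matching
# packets are logged in tcpdump format, one-line alerts go to LOGDIR/alert.
detect_scans_cmd() { echo "snort -c '$1' -A fast -b -l '$2'"; }

# replay_cmd LOGFILE: re-read a binary log with link-layer headers (-e),
# application payload (-d) and verbose output (-v); tcpdump -nr works too.
replay_cmd() { echo "snort -r '$1' -d -e -v"; }

# Stand-alone run: build the rule file and print the commands to type.
rules=${TMPDIR:-/tmp}/stealth-scan.rules
write_scan_rules "$rules"
echo "wrote $(count_rules "$rules") rules to $rules"
capture_all_cmd /var/log/snort
detect_scans_cmd "$rules" /var/log/snort
replay_cmd /var/log/snort/snort.log
```

The rule file only alerts on packets; pair it with the packet-logger command when the goal is a complete tcpdump-format record of the traffic rather than alerts alone.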