Hello, I would like to know about what sorts of utilities exist for watching firewall logs as part of some sort of intrusion detection system. My specific immediate need is rather small and I could roll my own, but surely others have already done a better job.

My specific immediate need is to watch for blocked LAN-side attempts to reach ports 137-139, 445, 25, etc. That is, I want to know fairly quickly if there is something on my network that is trying to do nasty things.

Also, is there some set of rules that people recommend for being a "good network citizen"? That is, what should I try to prevent from leaving my network?

--
Jeffrey Goldberg http://www.goldmark.org/jeff/
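
An added example, not part of the original post: a small watcher for blocked LAN-side attempts to reach the ports named above. It assumes Linux netfilter LOG-target lines, a hypothetical `BLOCKED` log prefix, and `eth1` as the LAN-side interface; the log lines are constructed.

```python
import re
from collections import defaultdict

# Ports named in the post; its "etc." is left for the reader to extend.
WATCHED_PORTS = {25, 137, 138, 139, 445}
LAN_IF = "eth1"          # assumption: LAN-side interface name
LOG_PREFIX = "BLOCKED"   # assumption: prefix set on the firewall's drop rule
FIELD_RE = re.compile(r"(\w+)=(\S*)")  # KEY=value pairs of a netfilter LOG line

# Constructed sample input (documentation and private address ranges).
SAMPLE_LOG = """\
Mar  3 10:15:01 gw kernel: BLOCKED IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=203.0.113.9 PROTO=TCP SPT=1045 DPT=445
Mar  3 10:15:02 gw kernel: BLOCKED IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=203.0.113.10 PROTO=TCP SPT=1046 DPT=445
Mar  3 10:15:04 gw kernel: BLOCKED IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=203.0.113.11 PROTO=TCP SPT=1047 DPT=139
Mar  3 10:16:30 gw kernel: BLOCKED IN=eth1 OUT=eth0 SRC=192.168.1.40 DST=198.51.100.25 PROTO=TCP SPT=2200 DPT=25
Mar  3 10:17:00 gw kernel: BLOCKED IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.1 PROTO=TCP SPT=4000 DPT=445
Mar  3 10:17:05 gw kernel: BLOCKED IN=eth1 OUT=eth0 SRC=192.168.1.50 DST=203.0.113.9 PROTO=TCP SPT=3100 DPT=6667
Mar  3 10:17:09 gw kernel: BLOCKED IN=eth1 OUT=eth0 SRC=192.168.1.50 DST=203.0.113.9 PROTO=ICMP TYPE=8 CODE=0
"""

def parse_line(line):
    """Return (in_if, src, dport) for a blocked-packet line, else None."""
    if LOG_PREFIX not in line:
        return None
    fields = dict(FIELD_RE.findall(line))
    try:
        return fields["IN"], fields["SRC"], int(fields["DPT"])
    except (KeyError, ValueError):
        return None  # e.g. ICMP lines carry no DPT field

def suspicious_hosts(lines, threshold=1):
    """Map LAN source IP -> {port: count} for blocked hits on watched ports."""
    hits = defaultdict(lambda: defaultdict(int))
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        in_if, src, dport = rec
        # Only packets arriving on the LAN interface are "something on my network".
        if in_if == LAN_IF and dport in WATCHED_PORTS:
            hits[src][dport] += 1
    return {src: dict(ports) for src, ports in hits.items()
            if sum(ports.values()) >= threshold}

if __name__ == "__main__":
    for host, ports in sorted(suspicious_hosts(SAMPLE_LOG.splitlines()).items()):
        print(host, ports)
```

To know "fairly quickly", feed `suspicious_hosts` the lines appended since the last check rather than the whole log; `threshold` trades speed of alerting against noise from one-off packets.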