I would like to know about what sorts of utilities exist for watching
firewall logs as part of some sort of intrusion detection system.

My specific immediate need is rather small and I could roll my own, but
surely others have already done a better job.

My specific immediate need is to watch for blocked LAN-side attempts to
reach ports 137-139, 445, 25, etc. That is, I want to know fairly
quickly if there is something on my network that is trying to do nasty

Also, is there some set of rules that people recommend for being a
"good network citizen"? That is, what should I try to prevent from
leaving my network?

Jeffrey Goldberg http://www.goldmark.org/jeff/
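
An added example, not part of the original post: a minimal watcher for the need described above, which reports LAN hosts whose blocked packets were aimed at the listed ports. It assumes Linux netfilter `LOG`-style lines; the `FW-BLOCK` prefix, the `eth1` LAN interface name and all sample lines are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Ports named in the post: NetBIOS 137-139, SMB 445, SMTP 25.
WATCHED_PORTS = {137, 138, 139, 445, 25}
LAN_IF = "eth1"          # assumption: name of the LAN-side interface
LOG_PREFIX = "FW-BLOCK"  # assumption: prefix set on the firewall's LOG rule
FIELD = re.compile(r"\b([A-Z]+)=(\S*)")

def parse(line):
    """Return the KEY=value fields of one blocked-packet line, or None."""
    if LOG_PREFIX not in line:
        return None
    fields = dict(FIELD.findall(line))
    # ICMP entries carry no DPT field; they cannot match a watched port.
    if not fields.get("DPT", "").isdigit():
        return None
    return fields

def suspicious_hosts(lines, threshold=1):
    """Map LAN source IP -> Counter of (proto, port) blocked attempts."""
    hits = defaultdict(Counter)
    for line in lines:
        f = parse(line)
        # Only packets that entered on the LAN side are of interest here.
        if f is None or f.get("IN") != LAN_IF:
            continue
        port = int(f["DPT"])
        if port in WATCHED_PORTS:
            hits[f.get("SRC", "?")][(f.get("PROTO", "?"), port)] += 1
    return {s: c for s, c in hits.items() if sum(c.values()) >= threshold}

# Constructed sample lines (private and documentation addresses only).
P = "Mar  3 10:15:01 gw kernel: FW-BLOCK "
SAMPLE = [
    P + "IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=198.51.100.7 PROTO=TCP DPT=445 SYN",
    P + "IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=198.51.100.9 PROTO=TCP DPT=445 SYN",
    P + "IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=203.0.113.5 PROTO=TCP DPT=25 SYN",
    P + "IN=eth1 OUT=eth0 SRC=192.168.1.40 DST=198.51.100.7 PROTO=UDP DPT=137",
    P + "IN=eth0 OUT= SRC=203.0.113.9 DST=192.0.2.1 PROTO=TCP DPT=445 SYN",
    P + "IN=eth1 OUT=eth0 SRC=192.168.1.50 DST=198.51.100.7 PROTO=TCP DPT=6667",
    P + "IN=eth1 OUT=eth0 SRC=192.168.1.60 DST=198.51.100.7 PROTO=ICMP TYPE=8",
]

if __name__ == "__main__":
    for src, ports in sorted(suspicious_hosts(SAMPLE).items()):
        print(src, dict(ports))
```

In use, pass an open log file or a piped `tail -F` stream in place of `SAMPLE`; raising `threshold` suppresses hosts with only a stray packet.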