 From:  Chet Harvey <chet at pittech dot com>
 To:  Jeffrey Goldberg <jeffrey at goldmark dot org>
 Cc:  Monowall Mailing List <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] IDS or log watching utilities
 Date:  Wed, 6 Oct 2004 18:43:09 -0400
You could do it the hard way (but more info) by sending all your log files 
over to a syslog server and running Snort against them. Or, for simplicity (less 
info), still send them to a syslog server and run a basic utility like fwlogger 
that just gives a pretty HTML page of who is doing what...


Chet Harvey
Pitbull Technologies <http://www.pittech.com/> 
Protecting your Digital Assets
703.407.7311


Quoting Jeffrey Goldberg <jeffrey at goldmark dot org>:

> Hello,
> 
> I would like to know about what sorts of utilities exist for watching 
> firewall logs as part of some sort of intrusion detection system.
> 
> My specific immediate need is rather small and I could roll my own, but 
> surely others have already done a better job.
> 
> My specific immediate need is to watch for blocked LAN-side attempts to 
> reach ports 137-139, 445, 25, etc.  That is, I want to know fairly 
> quickly if there is something on my network that is trying to do nasty 
> things.
> 
> Also, is there some set of rules that people recommend for being a 
> "good network citizen"?  That is, what should I try to prevent from 
> leaving my network?
> 
> 
> -- 
> Jeffrey Goldberg                        http://www.goldmark.org/jeff/
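As an added example (not code from the thread or from the m0n0wall project), here is the "roll your own" watcher the question asks about, sitting between the two options above: a short Python script that reads firewall lines already relayed to a syslog server and flags blocked LAN-side attempts to ports 137-139, 445 and 25. The LAN subnet, the threshold and the seven log lines are constructed for the demonstration; the line layout is an approximation of ipmon-style output as syslog relays it, so the regex will likely need adjusting to the exact lines your m0n0wall version emits.

```python
#!/usr/bin/env python3
"""Flag blocked LAN-side attempts on worm and relay ports in syslog'd firewall lines.

Added example, not m0n0wall's own code. The LAN subnet, sample log lines and
alert threshold are constructed; the ipmon field layout is an assumption.
"""
import ipaddress
import re
import sys
from collections import defaultdict

# Assumption: this is the LAN side of the firewall.
LAN_NET = ipaddress.ip_network("192.168.1.0/24")

# Ports from the question: NetBIOS (137-139), SMB (445) and SMTP (25).
WATCH_PORTS = {25, 137, 138, 139, 445}

# Assumed field order after the ipmon tag:
#   <date> <time> <iface> @<group:rule> <b|p> <src>,<sport> -> <dst>,<dport> PR <proto> ...
IPMON_RE = re.compile(
    r"ipmon\[\d+\]:\s+\S+\s+\S+\s+(?P<iface>\S+)\s+@(?P<rule>\S+)\s+(?P<action>[bp])\s+"
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3}),(?P<sport>\d+)\s+->\s+"
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3}),(?P<dport>\d+)\s+PR\s+(?P<proto>\w+)"
)

# Constructed sample: one LAN host sweeping SMB/NetBIOS, one host trying direct
# SMTP out, one passed packet, and one blocked packet arriving on the WAN side.
SAMPLE_LOG = """\
Oct  6 18:40:01 m0n0wall ipmon[181]: 06/10/2004 18:40:01.103412 sis0 @0:12 b 192.168.1.77,1052 -> 192.168.1.5,445 PR tcp len 20 48 -S IN
Oct  6 18:40:01 m0n0wall ipmon[181]: 06/10/2004 18:40:01.211010 sis0 @0:12 b 192.168.1.77,1053 -> 192.168.1.6,445 PR tcp len 20 48 -S IN
Oct  6 18:40:02 m0n0wall ipmon[181]: 06/10/2004 18:40:02.004920 sis0 @0:12 b 192.168.1.77,1054 -> 192.168.1.7,139 PR tcp len 20 48 -S IN
Oct  6 18:40:02 m0n0wall ipmon[181]: 06/10/2004 18:40:02.332000 sis0 @0:12 b 192.168.1.77,1055 -> 192.168.1.8,445 PR tcp len 20 48 -S IN
Oct  6 18:40:03 m0n0wall ipmon[181]: 06/10/2004 18:40:03.120000 sis0 @0:14 b 192.168.1.20,2049 -> 198.51.100.25,25 PR tcp len 20 48 -S IN
Oct  6 18:40:04 m0n0wall ipmon[181]: 06/10/2004 18:40:04.500000 sis0 @0:20 p 192.168.1.20,3001 -> 198.51.100.25,80 PR tcp len 20 48 -S IN
Oct  6 18:40:05 m0n0wall ipmon[181]: 06/10/2004 18:40:05.700000 sis1 @0:3 b 203.0.113.9,4444 -> 198.51.100.2,445 PR tcp len 20 48 -S IN
"""


def parse_line(line):
    """Return the interesting fields of one ipmon line, or None if it is not one."""
    m = IPMON_RE.search(line)
    if not m:
        return None
    return {
        "iface": m["iface"],
        "blocked": m["action"] == "b",
        "src": ipaddress.ip_address(m["src"]),
        "dst": ipaddress.ip_address(m["dst"]),
        "dport": int(m["dport"]),
        "proto": m["proto"],
    }


def suspicious_events(lines):
    """Keep only blocked packets whose source is a LAN host and whose port is watched."""
    out = []
    for line in lines:
        ev = parse_line(line)
        if ev and ev["blocked"] and ev["src"] in LAN_NET and ev["dport"] in WATCH_PORTS:
            out.append(ev)
    return out


def summarize(events):
    """Per LAN source: attempt count, distinct targets hit and ports touched."""
    summary = defaultdict(lambda: {"count": 0, "targets": set(), "ports": set()})
    for ev in events:
        s = summary[str(ev["src"])]
        s["count"] += 1
        s["targets"].add(str(ev["dst"]))
        s["ports"].add(ev["dport"])
    return dict(summary)


def alerts(summary, min_attempts=3):
    """Hosts worth a prompt look: repeated attempts, or fan-out across several targets."""
    return sorted(src for src, s in summary.items()
                  if s["count"] >= min_attempts or len(s["targets"]) >= 2)


if __name__ == "__main__":
    # Pipe the syslog file in, or run with no input to see the constructed sample.
    lines = sys.stdin if not sys.stdin.isatty() else SAMPLE_LOG.splitlines()
    summary = summarize(suspicious_events(lines))
    for src, s in sorted(summary.items()):
        print(f"{src}: {s['count']} blocked, ports {sorted(s['ports'])}, "
              f"{len(s['targets'])} target(s)")
    for src in alerts(summary):
        print(f"ALERT: {src} looks like it is scanning or relaying")
```

The fan-out rule is what separates a worm sweeping the subnet for 445 from a single misconfigured mail client hitting an egress block once: the sample's 192.168.1.77 trips it after four blocked packets to four different hosts, while 192.168.1.20's lone SMTP attempt is only summarised. Run it from cron or tail the syslog file into it, and tune `LAN_NET`, `WATCH_PORTS` and `min_attempts` to your network.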