Re: Strange Packet logs in ipchains
From: Bear Giles <bgiles(at)coyotesong.com>
Date: Wed Mar 26 2003 - 15:30:16 EST
Sam Dirk wrote:
Use snort, or something similar to it, and set it up on a box without ipchains filtering. Set up rules that are essentially the complement of your firewall rules, and you'll catch all traffic that the firewalls are rejecting. There's then no need to run tcpdump explicitly (or hit yourself in the head when you realize that tcpdump is running behind the packet filtering so it would never record anything).

You can even take this to an extreme - set it up on your firewall(s) and log ALL traffic trying to enter or leave your network. Let another process prune out the expected traffic, then examine what's left....

Bear

Received on Thu Mar 27 10:03:03 2003
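The "log everything, prune out the expected traffic, examine what's left" step suggested above could look like the following. This is an added example, not part of the original post; the one-line record format, the allow-list and the sample addresses are all constructed for illustration and are not snort or ipchains output.

```python
import ipaddress
from collections import Counter

# Hypothetical allow-list mirroring the firewall's ACCEPT rules:
# (protocol, destination network, destination port).
ALLOWED = [
    ("tcp", ipaddress.ip_network("192.0.2.10/32"), 25),
    ("tcp", ipaddress.ip_network("192.0.2.20/32"), 80),
    ("udp", ipaddress.ip_network("192.0.2.53/32"), 53),
]

# Constructed sample records: "time proto src:sport dst:dport".
SAMPLE_LOG = """\
15:30:01 tcp 198.51.100.7:40112 192.0.2.10:25
15:30:02 tcp 198.51.100.7:40113 192.0.2.20:80
15:30:03 tcp 203.0.113.9:51000 192.0.2.20:23
15:30:04 udp 203.0.113.9:137 192.0.2.255:137
15:30:05 udp 198.51.100.8:33000 192.0.2.53:53
15:30:06 tcp 203.0.113.9:51001 192.0.2.10:23
this line is damaged
"""

def parse(line):
    """Return (proto, src_ip, dst_ip, dport), or None if unparseable."""
    try:
        _, proto, src, dst = line.split()
        dst_ip, _, dport = dst.rpartition(":")
        return (proto.lower(), ipaddress.ip_address(src.rpartition(":")[0]),
                ipaddress.ip_address(dst_ip), int(dport))
    except ValueError:
        return None

def is_expected(proto, dst, dport):
    """True if the packet matches one of the allow-list entries."""
    return any(proto == p and dst in net and dport == port for p, net, port in ALLOWED)

def prune(log_text):
    """Split a log into (unexpected records, unparseable lines)."""
    unexpected, bad = [], []
    for line in filter(None, map(str.strip, log_text.splitlines())):
        rec = parse(line)
        if rec is None:
            bad.append(line)  # keep unreadable lines for review, never drop them
        elif not is_expected(rec[0], rec[2], rec[3]):
            unexpected.append(rec)
    return unexpected, bad

def top_sources(unexpected):
    """Rank source addresses by how many unexpected packets they sent."""
    return Counter(str(r[1]) for r in unexpected).most_common()
```

Calling `prune(SAMPLE_LOG)` leaves only the records that match no allow-list entry, plus any lines that could not be parsed, and `top_sources` groups the remainder by sender.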