Re: [fw-wiz] Traffic Monitoring

From: Paul Robertson (
Date: 05/07/03

    To: Zahid Ahmad Khan <>
    Date: Wed, 7 May 2003 07:41:40 -0400 (EDT)

    On Tue, 6 May 2003, Zahid Ahmad Khan wrote:

    > situation. They are paranoid about pilferage of research work and want
    > to monitor and log all email traffic (Vectors and contents of POP, SMTP
    > & IMAP). They require the following:
    > 1) Log all in and out bound emails (All employees have been duly
    > informed of the fact).

    Most brokerage houses do this.

    > 2) Generate email vector logs.
    > 3) Flag and stop any email with unauthorized contents.
    > 4) Only interested in traffic on the WAN and Internet interface (E-1,
    > E-3, OC-3, POS)
    > 5) Do not want to log or see any internal traffic which might contain
    > sensitive R&D info.
    > I was thinking of putting together a system using pcap for capturing
    > traffic and using/developing an analysis reporting engine. Due to the
    > urgency of client requirements, I would appreciate it if anyone could let me
    > know of any good analysis and reporting tools/systems or even a complete
    > monitoring system. At this moment I am open to any inputs regarding
    > commercial as well as open source tools/products.

    SilentRunner claims to have been developed for exactly this sort of
    application. I've not used it for that particular function, but it looks
    as if it'd do it. I'm not aware of any other products that provide the
    same "track the content" functionality.

    Paul D. Robertson
    Director of Risk Assessment
    TruSecure Corporation
    "My statements in this message are personal opinions which may have no basis whatsoever in fact."

    firewall-wizards mailing list
