Re: [fw-wiz] Syslog monitoring and usage.

From: Ng Pheng Siong (ngps_at_netmemetic.com)
Date: 07/14/04

  • Next message: Melson, Paul: "RE: [fw-wiz] Syslog monitoring and usage."
    To: Chad Thomsen <chad.thomsen@bramespecialty.com>
    Date: Wed, 14 Jul 2004 06:59:15 +0800
    
    

    On Mon, Jul 12, 2004 at 01:54:07PM -0400, Chad Thomsen wrote:
    > I would like to better find out what the messages mean, and how to track
    > down port scans, and other security related issues that syslog may
    > reveal. To sum it up I want to be able to have a good understanding of a
    > log file that comes from a Pix.

    Your Cisco PIX docu set contains a PDF file entitled, "Cisco PIX Firewall
    System Log Messages." Check that out.

    On tracking down port scans, you may want to look at SnortSam and its PIX
    plugin. Essentially, SnortSam is a clone of Checkpoint FW-1's Suspicious
    Activity Monitor (SAM), wherein dynamic firewall rules may be
    created/destroyed in response to, um, suspicious activities. ;-)

        http://www.snortsam.net

    Cheers.

    -- 
    Ng Pheng Siong <ngps@netmemetic.com> 
    http://firewall.rulemaker.net -+- Cisco PIX & Netscreen Config Version Control 
    http://sandbox.rulemaker.net/ngps -+- M2Crypto, ZServerSSL for Zope, Blog
    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
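
Added example, not part of the original post and not SnortSam code: one way to surface port scans directly from PIX syslog by counting distinct denied destinations per source. It assumes the ACL-deny message (ID 106023) has the TCP/UDP layout shown in the regex, which should be checked against the "Cisco PIX Firewall System Log Messages" guide; the function names, thresholds and sample lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Assumed layout of the PIX ACL-deny message (ID 106023) for TCP/UDP.
DENY_RE = re.compile(
    r"%PIX-4-106023: Deny (?:tcp|udp) src [^:\s]+:(?P<sip>[\d.]+)/\d+ "
    r"dst [^:\s]+:(?P<dip>[\d.]+)/(?P<dport>\d+)"
)

def _deny(src, dst, port):
    """Build one constructed sample line (not captured from a real firewall)."""
    return (f"Jul 14 06:59:15 pix %PIX-4-106023: Deny tcp src outside:{src}/40000 "
            f'dst inside:{dst}/{port} by access-group "outside_in"')

# Constructed sample: one vertical scan, one horizontal sweep, one stray deny,
# and one non-deny message that the parser must ignore.
SAMPLE_LOG = (
    [_deny("203.0.113.7", "192.0.2.10", p) for p in (21, 22, 23, 25, 80, 443)]
    + [_deny("198.51.100.9", f"192.0.2.{h}", 445) for h in range(1, 6)]
    + [_deny("198.51.100.20", "192.0.2.10", 25)]
    + ["Jul 14 06:59:16 pix %PIX-6-302013: Built inbound TCP connection 1 for "
       "outside:198.51.100.30/1025 (198.51.100.30/1025) to inside:192.0.2.10/80 (192.0.2.10/80)"]
)

def parse_denies(lines):
    """Yield (source IP, destination IP, destination port) for each deny line."""
    for line in lines:
        m = DENY_RE.search(line)
        if m:
            yield m["sip"], m["dip"], int(m["dport"])

def find_scanners(lines, port_threshold=5, host_threshold=5):
    """Flag sources denied on many ports of one host, or on one port of many hosts."""
    ports = defaultdict(set)   # (src, dst host) -> distinct destination ports
    hosts = defaultdict(set)   # (src, dst port) -> distinct destination hosts
    for sip, dip, dport in parse_denies(lines):
        ports[(sip, dip)].add(dport)
        hosts[(sip, dport)].add(dip)
    findings = [("port-scan", s, d, sorted(p))
                for (s, d), p in ports.items() if len(p) >= port_threshold]
    findings += [("host-sweep", s, port, sorted(h))
                 for (s, port), h in hosts.items() if len(h) >= host_threshold]
    return sorted(findings)

if __name__ == "__main__":
    for finding in find_scanners(SAMPLE_LOG):
        print(finding)
```

On a live syslog feed the counters would also need a time window so that slow, legitimate traffic does not accumulate into a finding.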
    
