Re: [fw-wiz] SCADA

Brian Loe wrote:
We have a data logger system
that needs to be able to talk to both networks, it's in a DMZ with TWO
firewalls between the corporate network and the control network.

BTW - I know your data logging application is not syslog, but - in
case the problem ever comes up for someone on this list, I've published
the source for "plog" on my website. It's in my code archives on:
"Plog is a promiscuous syslog listener. It sucks UDP syslog packets up off a network, rips the message screaming and kicking out of the packet body, and stuffs it into /dev/log. This program supports a bare minimum of options. Be very careful you do not use plog to inject messages into a syslog server that forwards the messages to a loghost over a network! It will hurt! (the good news is you'll get lots of log messages..)"

Oddly, plog works faster than regular UDP syslog on some systems,
because the bpf implementations are sometimes faster than the UDP

Marcus J. Ranum CSO, Tenable Network Security, Inc.
firewall-wizards mailing list

Relevant Pages

  • RE: [fw-wiz] Firewalls v. Router ACLs
    ... people to take in consideration in network design and layout. ... here and the old firewalls list often emphasized an approach that avoided ... The logging alert features alone turn this layer into a IDS as ... > An appropriately sized router will not have any performance problems. ...
  • [fw-wiz] IDS/IPS and LOGS
    ... nasty behavior is happening on your network (where your network is ... easily turn your IPS into a big denial of service attack. ... My guess is that most of the Worlds firewalls and IDS/IPS only have half ... I noticed that there is a big emphasis on log parsing while there should ...
  • Re: Establish persistant outbound connection for covert application
    ... which firewalls are running etc.) and then communicate its ... the actual network layer. ... They do have 2 network interfaces in case I want to chain them between a PC ... They also have a wireless interface so I can hook into the machine if I am ...
  • Re: Going meta (was RE: [fw-wiz] Ok, so now we have a firewall...)
    ... but today's firewalls let too much stuff back ... > why people feel they need to compromise. ... Last spring we completely re-engineered the network for a large school ... All these segments are set up on separate VLANs and communicate with each ...
  • Re: Linksys router as Firewall
    ... > There are many different levels of firewalls. ... acts as an interface between two networks (e.g., the Internet and an ... protecting the internal network from electronic attacks originating from ... filtering outgoing traffic for security and network usage rules ...