Re: Sniffing split connections

• Previous message: cschooley_at_optivel.com: "Arpwatch Config Question"
• Maybe in reply to: Chris Mills: "Sniffing split connections"
• Next in thread: Adam Powers: "Re: Sniffing split connections"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: Chris Mills <securinate@gmail.com>
Date: Mon, 18 Apr 2005 08:47:26 +0100

You could try using a Symantec ManHunt or SNS unit; they can
cross-correlate between interfaces. YMMV, but it has worked for me before.
Try an eval SNS box and see how it works for you.

--------------------------------------------------
J o h a n n v a n D u y n
--------------------------------------------------
"The most common of all follies
  is to believe passionately in the palpably not true.
  It is the chief occupation of mankind."
--H. L. Mencken

_____________________________________________________________________
Confidentiality Notice: The information in this document and attachments is confidential and may also be legally privileged. It is intended only for the use of the named recipient.
Internet communications are not secure and therefore British American Tobacco does not accept legal responsibility for the contents of this message.
If you are not the intended recipient, please notify us immediately and then delete this document. Do not disclose the contents of this document to any other person, nor take any copies.
Violation of this notice may be unlawful.
______________________________________________________________________

--------------------------------------------------------------------------
Stop hurting your network!
 
The NeVO passive vulnerability sensor continuously finds vulnerabilities,
applications and new hosts without the need for network scanning.
It also finds compromised systems with application-based intrusion detection.
Go to http://www.tenablesecurity.com/products/nevo.shtml to learn more.
--------------------------------------------------------------------------

• Previous message: cschooley_at_optivel.com: "Arpwatch Config Question"
• Maybe in reply to: Chris Mills: "Sniffing split connections"
• Next in thread: Adam Powers: "Re: Sniffing split connections"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages RE: GFI SELM Question ... GFI functionality goes down and/or the ... applications and new hosts without the need for network scanning. ... If you are not the intended recipient, or an employee or agent responsible ... The NeVO passive vulnerability sensor continuously finds vulnerabilities, ... (Focus-IDS) Re: Jabber and Proventia G ... I think the best you can do is create a Trons (Snort because ISS tried ... > The NeVO passive vulnerability sensor continuously finds vulnerabilities, ... > applications and new hosts without the need for network scanning. ... (Focus-IDS) Re: CISCOs new IPS ... And the acid test: do they make you feel "warm and fuzzy ... Confidentiality Notice: The information in this document and attachments is confidential and may also be legally privileged. ... It is intended only for the use of the named recipient. ... If you are not the intended recipient, please notify us immediately and then delete this document. ... (Focus-IDS) Re: GFI SELM Question ... I have done a couple implementations, up to around 200 servers without ... >> The NeVO passive vulnerability sensor continuously finds vulnerabilities, ... >> applications and new hosts without the need for network scanning. ... (Focus-IDS) New Honeynet Project SotM Challenge #34 ... on the honeypot by various monitoring and auditing systems in order to ... The NeVO passive vulnerability sensor continuously finds vulnerabilities, ... applications and new hosts without the need for network scanning. ... It also finds compromised systems with application-based intrusion detection. ... (Focus-IDS)