Re: Strange Packet logs in ipchains
From: Bear Giles (bgiles@coyotesong.com)
Date: 03/26/03
- Previous message: JohnNicholson@aol.com: "Re: Security Approval Process"
- In reply to: Sam Dirk: "Strange Packet logs in ipchains"
- Next in thread: Burton M. Strauss III: "RE: Strange Packet logs in ipchains"
Date: Wed, 26 Mar 2003 13:30:16 -0700
From: Bear Giles <bgiles@coyotesong.com>
To: Sam Dirk <samdirk@online.ie>
Sam Dirk wrote:
> The packets
> were seen three times over the course of the day but lasted
> for only one - two seconds so it was impossible to get a
> tcpdump.
Use snort, or something similar to it, and set it up on a box
without ipchains filtering. Set up rules that are essentially the
complement of your firewall rules, and you'll catch all traffic
that the firewalls are rejecting. There's then no need to run
tcpdump explicitly (or hit yourself in the head when you realize
that tcpdump is running behind the packet filtering so it would
never record anything).
You can even take this to an extreme - set it up on your
firewall(s) and log ALL traffic trying to enter or leave your
network. Let another process prune out the expected traffic, then
examine what's left....
Bear
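
The "log everything, prune the expected traffic, examine what's left" step from the message above, as an added example that is not part of the original post. It reads ipchains-style "Packet log:" lines rather than snort output; the sample lines are constructed and the `EXPECTED` allowlist is hypothetical.

```python
import ipaddress
import re
from collections import Counter

# Fields of an ipchains "Packet log:" kernel line (constructed samples below).
LINE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<verdict>\S+) (?P<iface>\S+) "
    r"PROTO=(?P<proto>\d+) (?P<src>[\d.]+):(?P<sport>\d+) "
    r"(?P<dst>[\d.]+):(?P<dport>\d+)")

# Hypothetical expected flows: (IP protocol, destination network, destination port).
EXPECTED = [
    (6, ipaddress.ip_network("192.0.2.10/32"), 25),
    (6, ipaddress.ip_network("192.0.2.20/32"), 80),
    (17, ipaddress.ip_network("192.0.2.0/24"), 53),
]

SAMPLE_LOG = """\
Mar 26 09:14:02 fw kernel: Packet log: input ACCEPT eth0 PROTO=6 198.51.100.7:40112 192.0.2.10:25 L=60 S=0x00 I=4411 F=0x4000 T=52 SYN (#2)
Mar 26 09:14:05 fw kernel: Packet log: input ACCEPT eth0 PROTO=17 198.51.100.9:1026 192.0.2.53:53 L=62 S=0x00 I=90 F=0x0000 T=60 (#4)
Mar 26 11:02:41 fw kernel: Packet log: input DENY eth0 PROTO=6 203.0.113.5:3311 192.0.2.20:111 L=44 S=0x00 I=7 F=0x0000 T=240 SYN (#9)
Mar 26 11:02:42 fw kernel: Packet log: input DENY eth0 PROTO=6 203.0.113.5:3312 192.0.2.20:111 L=44 S=0x00 I=8 F=0x0000 T=240 SYN (#9)
Mar 26 11:03:00 fw kernel: eth0: link status changed
"""

def parse(line):
    m = LINE.search(line)
    if m is None:
        return None
    return {"verdict": m["verdict"], "proto": int(m["proto"]),
            "src": m["src"], "dst": ipaddress.ip_address(m["dst"]),
            "dport": int(m["dport"])}

def is_expected(pkt):
    return any(pkt["proto"] == proto and pkt["dst"] in net and pkt["dport"] == port
               for proto, net, port in EXPECTED)

def prune(log_text):
    """Return (counts of unexpected flows, lines that did not parse)."""
    leftover, unparsed = Counter(), []
    for line in log_text.splitlines():
        pkt = parse(line)
        if pkt is None:
            unparsed.append(line)      # keep for review instead of dropping silently
        elif not is_expected(pkt):
            leftover[(pkt["src"], pkt["proto"], str(pkt["dst"]), pkt["dport"])] += 1
    return leftover, unparsed

if __name__ == "__main__":
    flows, odd = prune(SAMPLE_LOG)
    for flow, n in flows.most_common():
        print(n, flow)
    print(len(odd), "unparsed line(s)")
```

Counting the leftovers per flow makes short bursts like the ones in the original question stand out even when each lasts only a second or two.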