Re: Firewall / Network Monitoring

From: Lars M. Hansen (badnews_at_hansenonline.net)
Date: 02/14/04


Date: Sat, 14 Feb 2004 13:23:11 GMT

On Fri, 13 Feb 2004 23:04:06 -0500, N. Hall spoketh

>Hi,
>
>I am using several different programs for monitoring my Firewall & Network.
>All of these programs allow for SMTP messages to be sent when certain
>conditions are met.
>
>My problem is that most conditions that I need to watch for (traffic on
>common virus ports, devices failing to ping, etc.) when they occur, they
>occur many times repeatedly, which generates an excessive amount of SMTP
>emails.
>

Why would you want to do this? Why would you want to torture yourself
like this? Does it matter that much that you get some probes on port 135
or 27374 that you'll have to drop whatever it is you are doing to read
an e-mail on your cell phone? What are you going to do with this
information? Call the offender? Will it improve your security?

If you have already reviewed the logs on a regular basis, you should
know that your firewall blocks these probes, and there's very little to
worry about. If you need to know more about it, write a Perl script or
something that'll parse the logs and generate a daily report that'll
show you the top 25 probed ports, the top 25 offenders and all other
sorts of stuff you'd like to see. Sending e-mails to your cell-phone
should be considered an emergency measure only, like if there's a
power outage, and you have 15 minutes of battery power left ...

Lars M. Hansen
www.hansenonline.net
Remove "bad" from my e-mail address to contact me.
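
A sketch of the daily report suggested in the reply above, added here as an example and not part of the original post. It uses Python rather than Perl and assumes netfilter/iptables-style log lines carrying SRC=, PROTO= and DPT= fields; the sample lines and the function names are constructed for illustration.

```python
import re
from collections import Counter

# Assumption: netfilter/iptables-style LOG lines carrying SRC=, PROTO=, DPT=.
FIELD = re.compile(r"\b(SRC|PROTO|DPT)=(\S+)")

# Constructed sample lines (documentation address ranges, not real traffic).
SAMPLE_LOG = """\
Feb 14 03:12:01 fw kernel: DROP IN=eth0 OUT= SRC=192.0.2.10 DST=203.0.113.5 PROTO=TCP SPT=4431 DPT=135
Feb 14 03:12:02 fw kernel: DROP IN=eth0 OUT= SRC=192.0.2.10 DST=203.0.113.5 PROTO=TCP SPT=4432 DPT=135
Feb 14 03:15:40 fw kernel: DROP IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.5 PROTO=TCP SPT=1200 DPT=27374
Feb 14 03:16:09 fw kernel: DROP IN=eth0 OUT= SRC=192.0.2.10 DST=203.0.113.5 PROTO=TCP SPT=4433 DPT=445
Feb 14 03:17:55 fw kernel: DROP IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.5 PROTO=TCP SPT=1201 DPT=135
Feb 14 03:18:30 fw kernel: DROP IN=eth0 OUT= SRC=192.0.2.10 DST=203.0.113.5 PROTO=ICMP TYPE=8 CODE=0
Feb 14 03:20:00 fw kernel: eth0: link up
"""

def summarize(lines, top=25):
    """Return (top ports, top sources, skipped line count) for one day's log."""
    ports, sources, skipped = Counter(), Counter(), 0
    for line in lines:
        fields = dict(FIELD.findall(line))
        if "SRC" not in fields:
            skipped += 1          # not a packet log entry
            continue
        sources[fields["SRC"]] += 1
        dpt = fields.get("DPT", "")
        if dpt.isdigit():         # ICMP entries have no destination port
            ports[(fields.get("PROTO", "?"), int(dpt))] += 1
    return ports.most_common(top), sources.most_common(top), skipped

def report(lines, top=25):
    """Format the summary as the plain-text body of a once-a-day report."""
    ports, sources, skipped = summarize(lines, top)
    out = [f"Top {top} probed ports:"]
    out += [f"  {proto}/{port:<6} {n:>6}" for (proto, port), n in ports]
    out.append(f"Top {top} source addresses:")
    out += [f"  {src:<16} {n:>6}" for src, n in sources]
    out.append(f"Lines skipped (not packet entries): {skipped}")
    return "\n".join(out)

if __name__ == "__main__":
    print(report(SAMPLE_LOG.splitlines()))
```

Run once a day over the rotated log, this produces a single message in place of one e-mail per blocked packet.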


