Re: Monitoring software question

From: Jose Maria Lopez Hernandez (jkerouac_at_bgsec.com)
Date: 02/13/05


Date: Sun, 13 Feb 2005 12:34:27 +0100

Joe wrote:
> My understanding was that he did not give any indication on specifics.
> So, he wants to check on bandwidth usage, he can with the zywalls. it
> goes by ip, tells port and protocol connected to and what local pc did
> this. it won't do like user accounts no. but it will tell you where
> people go and what local computer did this. that's a yes it does what he
> wants. however he is not being 100% specific.

That was the only thing I was saying, that if he needed some kind of
monitoring not firewall specific he couldn't do it just with a firewall.

> the zywall will do everything he wants based on the info he gave which
> is not much at all. it does what i just said above, but if he wants
> anything more specific which he has not said then it may not do it. but
> with what he said in his post it will do everything and very well too in
> my use of it. also the sonicwall TZ150 will too, but only for 10
> devices/computers, for more it'd have to be a more $ device. It has user
> accounts, all the BW info and so on.

Obviously it all depends on what he really wants to monitor and how.

> to check to see if something is business related, again he didn't get
> specific at all, so it can still do this. if they know ports then the
> routers tell him what was accessed, from who/what local ip and how much
> data was transferred.

But keep in mind that many protocols that are administratively
prohibited in some enterprises, like Messenger, can be tunneled through
open ports like 80, so you must have a proxy like squid or some kind
of IDS/IPS to check it.

> So it would do everything, but not everything if he wants more than what
> he has stated. No device can that i know of. like tell you what apps
> were really used etc. all they can do is what port, but again i am not
> sure.

I also don't know of any device or single software that can do what
he wants. If he really wants everything he talks about in the original
post and well done he will need a lot of software/hardware and a lot
of work. It's easy to ask for solutions to what may look like simple
problems to non ITs, but sometimes it's very difficult to implement
these solutions.

> and please Jose forgive me if I sounded harsh to you. I did not mean to
> and I'm very sorry if I was.

No, no. You didn't sound harsh at all. And I always keep in mind that
everyone who posts to these newsgroups is trying to help the original
poster, and I think both of us were doing that, so everything was OK,
I think we just tried to help the OP the best way that we could. I hope
the OP has his problem a little clearer :-)

Kind regards.

-- 
Jose Maria Lopez Hernandez
Technical Director of bgSEC
jkerouac@bgsec.com
bgSEC Seguridad y Consultoria de Sistemas Informaticos
http://www.bgsec.com
SPAIN
The only people for me are the mad ones -- the ones who are mad to live,
mad to talk, mad to be saved, desirous of everything at the same time,
the ones who never yawn or say a commonplace thing, but burn, burn, burn
like fabulous yellow Roman candles.
                 -- Jack Kerouac, "On the Road"
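
The point in the reply above about Messenger tunneled through port 80, as an added example that is not part of the original post: a port-only log records the traffic as ordinary web use, while a proxy log such as squid's exposes it by MIME type. The log lines, hostnames, addresses and the policy (flagged MIME type, allowed CONNECT ports) are constructed assumptions, and the CONNECT check goes slightly beyond the port 80 case mentioned in the post.

```python
import re
from urllib.parse import urlsplit

# Constructed sample lines in Squid's native access.log format (not real traffic):
# time elapsed client code/status bytes method URL ident hierarchy/peer mime-type
SAMPLE_LOG = """\
1108294401.101    95 192.168.1.20 TCP_MISS/200 8123 GET http://www.example.com/index.html - DIRECT/203.0.113.5 text/html
1108294467.250   210 192.168.1.23 TCP_MISS/200 512 POST http://gateway.messenger.example/gateway/gateway.dll?Action=poll - DIRECT/203.0.113.10 application/x-msn-messenger
1108294470.007    40 192.168.1.23 TCP_MISS/200 2048 GET http://www.example.org/logo.png - DIRECT/203.0.113.7 image/png
1108294475.900 60012 192.168.1.31 TCP_MISS/200 90211 CONNECT chat.example.net:5190 - DIRECT/203.0.113.44 -
"""

# Assumed policy: MIME types treated as instant messaging, and ports CONNECT may reach.
IM_MIME = re.compile(r"^application/x-msn-messenger$", re.I)
ALLOWED_CONNECT_PORTS = {443}

def port_view(method, url):
    """Destination port, i.e. all that a port-only firewall log would record."""
    if method == "CONNECT":
        return int(url.rsplit(":", 1)[1])
    parts = urlsplit(url)
    return parts.port or (443 if parts.scheme == "https" else 80)

def inspect(log_text):
    """Return (client, port, reason) for requests that port data alone would misread."""
    findings = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 10:
            continue  # skip malformed or truncated lines
        client, method, url, mime = fields[2], fields[5], fields[6], fields[9]
        port = port_view(method, url)
        if IM_MIME.match(mime):
            findings.append((client, port, "messenger MIME type over HTTP"))
        elif method == "CONNECT" and port not in ALLOWED_CONNECT_PORTS:
            findings.append((client, port, "CONNECT tunnel to non-HTTPS port"))
    return findings

if __name__ == "__main__":
    for client, port, reason in inspect(SAMPLE_LOG):
        print(f"{client} port {port}: {reason}")
```
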

