Date: Fri, 2 Mar 2001 00:27:44 -0800
From: Kris Kennaway <kris@obsecurity.org>
To: Ben <ben@cahostnet.com>
Cc: questions@freebsd.org
Subject: Re: Firewall Monitoring
Message-ID: <20010302002744.A48587@mollari.cthul.hu>
In-Reply-To: <001f01c0a24d$9fcb3490$6102a00a@nhqadmin17>; from ben@cahostnet.com on Thu, Mar 01, 2001 at 07:46:21AM -0500
References: <001f01c0a24d$9fcb3490$6102a00a@nhqadmin17>
On Thu, Mar 01, 2001 at 07:46:21AM -0500, Ben wrote:
> I have a 4.2-STABLE bsd server running ipfw and nat. I will like to
> monitor firewall activities on the box. What is the best way to do
> this? I will like to do this live, see packets as they travel to and
> from the firewall. Also I will like to run monthly reports on the
> firewall using log files of course. Any help will be appreciated.

If you're looking for something which reports suspicious traffic, you
can't go past snort (see ports collection) with the ArachNIDS ruleset
from www.whitehats.com/ids

It's not a firewall, but complements one by telling you exactly what
noteworthy packets were being sent your way, and recognising a wide
range of attack/probe signatures.

As for the firewall analysis, it's not that hard to parse information
out of the logs made from ipfw to syslog.

Kris

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (FreeBSD)
Comment: For info see http://www.gnupg.org

iD8DBQE6n1mAWry0BWjoQKURAkGRAJ9C479SRnsUDdHOGNtl/MJjSawjTQCghjlX
xFX25EQ5qXGTZF9sqAKfwZ8=
=5uiL
-----END PGP SIGNATURE-----
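The "parse information out of the ipfw syslog output" step that Kris mentions, as an added example that is not part of this thread or of FreeBSD itself. It assumes the classic ipfw(8) syslog line shape ("ipfw: <rule> <action> <proto> <src>[:<port>] <dst>[:<port>] in|out via <iface>", with ICMP written as ICMP:<type>.<code> and unknown protocols as P:<number>); the host name, interface names, addresses and the log lines themselves are constructed for the example. It turns a log file into the kind of monthly summary Ben asked for: counts per action, per rule, and the most-denied sources, destination ports and protocols.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample of what syslog records for ipfw rules that carry the
# "log" keyword (FreeBSD 4.x style, logged by /kernel). Hostname "fw" and
# interfaces fxp0/fxp1 are invented; the sshd line shows that non-ipfw
# records in the same file are ignored.
SAMPLE_LOG = """\
Mar  1 07:46:21 fw /kernel: ipfw: 500 Deny TCP 10.0.0.5:4321 192.168.1.1:22 in via fxp0
Mar  1 07:46:22 fw /kernel: ipfw: 500 Deny TCP 10.0.0.5:4322 192.168.1.1:23 in via fxp0
Mar  1 07:46:30 fw /kernel: ipfw: 100 Accept TCP 192.168.1.20:1025 192.168.1.1:80 out via fxp1
Mar  1 07:47:02 fw /kernel: ipfw: 300 Deny ICMP:8.0 10.0.0.9 192.168.1.1 in via fxp0
Mar  1 07:47:15 fw /kernel: ipfw: 500 Deny UDP 10.0.0.5:53 192.168.1.1:137 in via fxp0
Mar  1 07:47:16 fw /kernel: ipfw: 65535 Deny P:47 10.0.0.77 192.168.1.1 in via fxp0
Mar  1 07:47:20 fw sshd[123]: Accepted publickey for ben from 192.168.1.20
"""

# One ipfw record. Actions such as "Unreach 3" carry a numeric argument,
# which the optional <arg> group captures; TCP/UDP carry ports, ICMP and
# raw IP protocols do not.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) \S+ ipfw: "
    r"(?P<rule>\d+) (?P<action>\w+)(?: (?P<arg>\d+))? "
    r"(?P<proto>\S+) "
    r"(?P<src>[\d.]+)(?::(?P<sport>\d+))? "
    r"(?P<dst>[\d.]+)(?::(?P<dport>\d+))? "
    r"(?P<dir>in|out) via (?P<iface>\S+)"
)


@dataclass
class Event:
    timestamp: str
    rule: int
    action: str
    proto: str
    src: str
    sport: Optional[int]
    dst: str
    dport: Optional[int]
    direction: str
    iface: str


def parse_line(line: str) -> Optional[Event]:
    """Return an Event for an ipfw syslog record, or None for anything else."""
    m = LINE_RE.match(line)
    if not m:
        return None
    g = m.groupdict()
    return Event(
        timestamp=g["ts"],
        rule=int(g["rule"]),
        action=g["action"] if g["arg"] is None else f'{g["action"]} {g["arg"]}',
        proto=g["proto"],
        src=g["src"],
        sport=int(g["sport"]) if g["sport"] else None,
        dst=g["dst"],
        dport=int(g["dport"]) if g["dport"] else None,
        direction=g["dir"],
        iface=g["iface"],
    )


def parse_log(text: str) -> List[Event]:
    """Parse a whole log file, silently skipping non-ipfw lines."""
    return [e for e in (parse_line(l) for l in text.splitlines()) if e is not None]


def summarize(events: List[Event]) -> Dict[str, Counter]:
    """Tally the counters a monthly firewall report is usually built from."""
    denied = [e for e in events if e.action.startswith(("Deny", "Unreach", "Reset"))]
    return {
        "by_action": Counter(e.action for e in events),
        "by_rule": Counter(e.rule for e in events),
        "denied_sources": Counter(e.src for e in denied),
        "denied_dports": Counter(e.dport for e in denied if e.dport is not None),
        # "ICMP:8.0" and "P:47" are reduced to their protocol family here.
        "denied_protos": Counter(e.proto.split(":")[0] for e in denied),
    }


def report(text: str, top: int = 5) -> str:
    """Render the summary as plain text suitable for mailing to an admin."""
    events = parse_log(text)
    s = summarize(events)
    lines = [f"ipfw events parsed: {len(events)}"]
    for title, key in (("Actions", "by_action"), ("Rules hit", "by_rule"),
                       ("Top denied sources", "denied_sources"),
                       ("Top denied destination ports", "denied_dports"),
                       ("Denied by protocol", "denied_protos")):
        lines.append(f"\n{title}:")
        for value, count in s[key].most_common(top):
            lines.append(f"  {value!s:<20} {count}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```

For the live view Ben also asked about, the same parser works on `tail -f` of whatever file syslog.conf routes the security facility to (/var/log/security on a default install). Two caveats when reading the monthly numbers: only rules that carry the `log` keyword produce records at all, and the kernel rate-limits logging per rule through the `net.inet.ip.fw.verbose_limit` sysctl, so a sustained flood is undercounted relative to what the counters in `ipfw -a list` show.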