Date: Fri, 2 Mar 2001 00:27:44 -0800
From: Kris Kennaway <kris@obsecurity.org>
To: Ben <ben@cahostnet.com>
Cc: questions@freebsd.org
Subject: Re: Firewall Monitoring
Message-ID: <20010302002744.A48587@mollari.cthul.hu>
In-Reply-To: <001f01c0a24d$9fcb3490$6102a00a@nhqadmin17>; from ben@cahostnet.com on Thu, Mar 01, 2001 at 07:46:21AM -0500
References: <001f01c0a24d$9fcb3490$6102a00a@nhqadmin17>
On Thu, Mar 01, 2001 at 07:46:21AM -0500, Ben wrote:
> I have a 4.2-STABLE BSD server running ipfw and nat. I would like to
> monitor firewall activities on the box. What is the best way to do
> this? I would like to do this live, see packets as they travel to and
> from the firewall. Also I would like to run monthly reports on the
> firewall using log files of course. Any help will be appreciated.

If you're looking for something which reports suspicious traffic, you can't go past snort (see ports collection) with the ArachNIDS ruleset from www.whitehats.com/ids. It's not a firewall, but complements one by telling you exactly what noteworthy packets were being sent your way, and recognising a wide range of attack/probe signatures.

As for the firewall analysis, it's not that hard to parse information out of the logs made from ipfw to syslog.

Kris
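As an added illustration of the log-parsing approach Kris mentions (this is example code, not part of the original reply or of FreeBSD), the script below turns ipfw syslog lines into the per-rule and per-source counts a monthly report would start from. The line format is assumed from ipfw(8)'s `log` output on FreeBSD 4.x; the sample syslog lines, hosts, ports and interface name are constructed.

```python
import re
from collections import Counter

# Constructed sample of ipfw "log" lines as written to syslog by the
# FreeBSD kernel (format assumed from ipfw(8); addresses are made up).
# The last line is an unrelated syslog entry that must be skipped.
SAMPLE_LOG = """\
Mar  1 07:46:21 fw /kernel: ipfw: 300 Deny TCP 10.0.0.1:1234 192.168.1.1:23 in via fxp0
Mar  1 07:46:22 fw /kernel: ipfw: 300 Deny TCP 10.0.0.1:1235 192.168.1.1:23 in via fxp0
Mar  1 07:50:03 fw /kernel: ipfw: 65000 Deny UDP 172.16.0.9:137 192.168.1.255:137 in via fxp0
Mar  1 08:01:44 fw /kernel: ipfw: 100 Deny ICMP:8.0 10.0.0.7 192.168.1.1 in via fxp0
Mar  1 08:02:10 fw /kernel: ipfw: 200 Accept TCP 192.168.1.50:40000 10.1.1.1:80 out via fxp0
Mar  1 08:02:11 fw /kernel: sshd[123]: unrelated syslog line
"""

# One pattern covers both the TCP/UDP form (host:port) and the portless
# form ipfw uses for ICMP and other protocols.
IPFW_RE = re.compile(
    r"ipfw: (?P<rule>\d+) (?P<action>\w+) (?P<proto>[\w:.]+) "
    r"(?P<src>[\d.]+)(?::(?P<sport>\d+))? "
    r"(?P<dst>[\d.]+)(?::(?P<dport>\d+))? "
    r"(?P<dir>in|out) via (?P<iface>\S+)"
)

def parse_ipfw(lines):
    """Yield one dict per ipfw log line; other syslog lines are ignored."""
    for line in lines:
        m = IPFW_RE.search(line)
        if m:
            yield m.groupdict()

def summarize(lines):
    """Count hits per (rule, action), and denied packets per source and per destination port."""
    report = {"parsed": 0, "by_rule": Counter(),
              "denied_by_src": Counter(), "denied_by_dport": Counter()}
    for rec in parse_ipfw(lines):
        report["parsed"] += 1
        report["by_rule"][(rec["rule"], rec["action"])] += 1
        if rec["action"] == "Deny":
            report["denied_by_src"][rec["src"]] += 1
            # Portless protocols (e.g. ICMP) are bucketed by protocol name instead.
            report["denied_by_dport"][rec["dport"] or rec["proto"]] += 1
    return report

if __name__ == "__main__":
    r = summarize(SAMPLE_LOG.splitlines())
    for (rule, action), n in sorted(r["by_rule"].items(), key=lambda kv: int(kv[0][0])):
        print(f"rule {rule:>6} {action:<7} {n}")
    print("top denied sources:", r["denied_by_src"].most_common(3))
```

Feeding `/var/log/security` (or wherever syslog sends the `security` facility) through `summarize` instead of `SAMPLE_LOG` gives the monthly totals directly.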
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010302002744.A48587>
