Network security

Rodolfo J. Paiz rpaiz at
Thu Jun 10 12:27:08 UTC 2004

At 02:37 6/10/2004, Chadley Wilson wrote:
>My network with approx 300 users is routed to the internet through a
>proxy and firewall, we have a DNS server and PDC Server.
>It is a winXplease network.

Is it a WinXP proxy/firewall? If so, changing *that* box to a Linux box 
would be my first recommendation.

>1) Track an internal PC running a sniffer of some sort, obtain its ip
>and mac address, then stop it sniffing and maybe kick it off the
>2) Be alerted when someone tries to sniff from outside, trace him and
>obtain his details or ISP details.

Define "sniff". If you mean it the same way I do, as in passively listening 
to as much traffic as possible for analysis in search of weaknesses, then I 
don't think you can. Listening does not make any noise... it's the basic 
principle of passive sonar arrays for submarines.

However, if in general you want security tools to detect malicious 
activity, then I suggest using Shorewall [1] as your firewall package on 
the Linux box, and Snort [2] for an intrusion detection system (IDS). Both 
tools are top-of-the-line and will likely do a huge percentage of what you 




Rodolfo J. Paiz
rpaiz at

More information about the fedora-list mailing list