
Re: Network security



At 02:37 6/10/2004, Chadley Wilson wrote:
> My network with approx 300 users is routed to the internet through a
> proxy and firewall, we have a DNS server and PDC Server.
> It is a winXplease network.

Is it a WinXP proxy/firewall? If so, changing *that* box to a Linux box would be my first recommendation.


> 1) Track an internal PC running a sniffer of some sort, obtain its ip
> and mac address, then stop it sniffing and maybe kick it off the
> network.
>
> 2) Be alerted when someone tries to sniff from outside, trace him and
> obtain his details or ISP details.

Define "sniff". If you mean it the same way I do, as in passively listening to as much traffic as possible for analysis in search of weaknesses, then I don't think you can. Listening does not make any noise... it's the basic principle of passive sonar arrays for submarines.


However, if in general you want security tools to detect malicious activity, then I suggest using Shorewall [1] as your firewall package on the Linux box, and Snort [2] for an intrusion detection system (IDS). Both tools are top-of-the-line and will likely do a huge percentage of what you want.

[1] http://www.shorewall.net

[2] http://www.snort.org

Cheers,


-- Rodolfo J. Paiz rpaiz simpaticus com http://www.simpaticus.com


