Network security
Rodolfo J. Paiz
rpaiz at simpaticus.com
Thu Jun 10 12:27:08 UTC 2004
At 02:37 6/10/2004, Chadley Wilson wrote:
>My network with approx 300 users is routed to the internet through a
>proxy and firewall, we have a DNS server and PDC Server.
>It is a winXplease network.
Is it a WinXP proxy/firewall? If so, changing *that* box to a Linux box
would be my first recommendation.
>1) Track an internal PC running a sniffer of some sort, obtain its ip
>and mac address, then stop it sniffing and maybe kick it off the
>network.
>
>2) Be alerted when someone tries to sniff from outside, trace him and
>obtain his details or ISP details.
Define "sniff". If you mean it the same way I do, as in passively listening
to as much traffic as possible for analysis in search of weaknesses, then I
don't think you can. Listening does not make any noise... it's the basic
principle of passive sonar arrays for submarines.
However, if in general you want security tools to detect malicious
activity, then I suggest using Shorewall [1] as your firewall package on
the Linux box, and Snort [2] for an intrusion detection system (IDS). Both
tools are top-of-the-line and will likely do a huge percentage of what you
want.
[1] http://www.shorewall.net
[2] http://www.snort.org
Cheers,
--
Rodolfo J. Paiz
rpaiz at simpaticus.com
http://www.simpaticus.com
More information about the fedora-list
mailing list