On Apr 15, 3:31pm, Marcus J Ranum wrote:
> Subject: Re: Is there an FTP client that logs activity?
> >Is there an ftp client that can replace the one that
> >comes from SCO for SCO ODT 1.1/2.0 that will log
> >the file transfers that people do?
>
> The one on gatekeeper.dec.com in pub/DEC does so, I believe. It
> logs the GET/PUT commands users issue.
>
> >The aim obviously is to keep track of files that
> >are brought into the local network from the outside.
> >This is in addition to manually screening code and
> >virus checking binaries.
>
> The problem is that if I can FTP from the net, I can FTP the
> sources for a client FTP and use my own, which does no logging.
>
> This problem you're dealing with is why I designed the FTP
> applications gateway DEC (and its SEAL customers) use - the only way
> to *really* know that you're getting an accurate picture of what is
> going in or out via FTP is to interpose a block and have an application
> gateway that logs traffic. The DEC FTP gateway also lets the firewall
> manager select what to log, and gives the ability to block certain
> commands directionally, depending on who is talking to whom.
>
> Virii are a whole 'nother, very, very tricky issue. With all
> the zillions of ASCII encodings of binaries and with the ability to
> Email stuff, it's almost impossible to prevent people from bringing
> in virii, other than through educating them.
>
> mjr.
>-- End of excerpt from Marcus J Ranum
I have always found that (and I am using DEC's SEAL, and no, they are not
paying me to say this...) education (and a little economic persuasion, i.e.
you need permission from a senior manager to use the ftp facility, and if
_your_ efforts cause the infection of the net, then your cost center
gets charged for the cleanup...) tend to keep the noise level and problems
down. I am pleased with the level of logging (down to the userid, target
host, cd, get, put, bin, etc. level) that this product provides. Even
tracks the # bytes across the firewall...
Or (sorry, Marcus, I couldn't resist...:-)) as a Japanese strategist
once stated: "In large scale strategy, when the enemy embarks on an attack,
if you make a show of strongly suppressing his technique, he will change
his mind..." --Miyamoto Musashi
--
Bryan D. Boyle <>< |Physical: Exxon Research, Annandale, NJ 08801
#include <disclaimer> |Logical: bdboyle @ erenj . com
< USENET: Post to exotic, distant machines. Meet exciting, >
< unusual people. And flame them. >
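
The per-command logging and directional blocking discussed in this thread can be sketched as below. This is an added example, not part of the original messages and not DEC's gateway code; the policy table, class and field names, hosts and sample commands are all constructed for illustration.

```python
from dataclasses import dataclass, field

# Constructed policy, not DEC's: verbs refused per direction, and verbs logged.
# "outbound" = inside client to outside server; "inbound" = the reverse.
BLOCKED = {"outbound": {"STOR", "DELE"}, "inbound": {"RETR", "STOR", "DELE"}}
LOGGED = {"USER", "CWD", "RETR", "STOR", "TYPE"}

# Constructed control-channel lines as a client would send them.
SAMPLE = ["USER alice", "PASS secret", "CWD /pub", "type i",
          "RETR tool.tar.Z", "STOR notes.txt"]


@dataclass
class GatewaySession:
    client: str
    server: str
    direction: str
    user: str = "-"
    log: list = field(default_factory=list)

    def command(self, line: str) -> bool:
        """Return True if this control-channel line may be relayed onward."""
        verb, _, arg = line.strip().partition(" ")
        verb = verb.upper()  # FTP verbs are case-insensitive (RFC 959)
        if verb == "USER":
            self.user = arg
        if verb == "PASS":
            arg = "<redacted>"  # a password must never reach the log
        allowed = verb not in BLOCKED[self.direction]
        if verb in LOGGED or not allowed:  # refusals are always recorded
            self.log.append({"user": self.user, "client": self.client,
                             "server": self.server, "dir": self.direction,
                             "verb": verb, "arg": arg,
                             "allowed": allowed, "bytes": 0})
        return allowed  # a real gateway would answer a refusal with a 5xx reply

    def transferred(self, nbytes: int) -> None:
        """Attach the data-connection byte count to the last allowed transfer."""
        for rec in reversed(self.log):
            if rec["verb"] in ("RETR", "STOR") and rec["allowed"]:
                rec["bytes"] = nbytes
                return


def replay(session, lines):
    """Feed control-channel lines through the policy; one verdict per line."""
    return [session.command(line) for line in lines]
```

Because the policy sits in the gateway rather than in the client, swapping in a different FTP client does not change what is logged or refused.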