Bernhard Schneck writes:
>
> One way to see everything is to use a box where you can log failed
> connections or filtered packets.
>
> Several router manufacturers have this now, or you can use something
> like the TIS FWTK on top of an operating system with source code (and
> add the logging yourself).

The only router manufacturer that I'm aware of that can log (at least
via syslog) any activity would be the NSC router. Since I'm
unfamiliar with how they implement their logging, I don't know whether
it can be configured to report connection attempts on blocked ports.

As for the TIS FWTK, yes, as I stated in my original message, I am
familiar with it. However, the difficulty arises if you decide to
monitor a dramatically greater number of ports than the handful of
useful ones you wish to use for real work. Actually, it may not be
difficult, per se, but rather tedious. For example, if I wanted to
monitor all 64K ports, I'd be working on editing my netperm-table and
my inetd.conf for some time to come, but it should do what I wanted.

Now that I think of it, I'm not sure that the TIS FWTK can monitor
UDP ports. Any comments?

One chap directed me to xinetd (in ftp.uu.net:pub/security). I've
pulled it down, but haven't checked it out. A cursory look indicates
that it may do the trick. Comments?

--
Jim Carroll -- jimc @ e-Commerce . Com -- Standard disclaimer here.
e-Commerce, Inc., 1030 Kamato Road, Suite 201
Mississauga, Ontario, Canada L4W 4B6
** "No, I'm not the Jim Carroll who co-wrote the **
** Canadian Internet Handbook. He's jcarroll @ jacc . com . " **