On Mon, 30 Jun 1997, Bill Stout wrote:
> I have a customer that would like to add all of the security monitoring,
> logging and reporting features of a firewall to a network. This would be
> for commerce web farm or internal network protection purposes.
>
> The device would need to plug in and passively monitor (must not add a
> proxy, and is not in the traffic flow). They would like to see a product
> that monitors connections (by port number), looks for suspicious activity on
> those connections, and maybe flood or otherwise disable the source.
> Basically like a Courtney or NetRanger for networks.
>
> Anyone know of such a box? NFR - Not For Release? Actually this sounds
> like an excellent opportunity for an ex-government contractor Co. to
> contribute.
>
> Bill Stout
>
> P.S. - I predict (application-level) network security monitoring and
> response will eventually supplement network monitoring products.

Sounds like something like Real Secure on the commercial side, and netlog
on the freely available side might be what your client is looking for. If
not, it prob is not going to be too hard to whip something up using dlpi,
bpf, or whatever their preferred network interface is. libpcap is a
possibility, although it does not support in-kernel filtering for anything
but bpf.

Brian Mitchell brian @ firehouse . net
"BSD code sucks. Of course, everything else sucks far more."
- Theo de Raadt