June 10th, 2003, 01:19 PM
#11
Horse: That's why I told him to slap a hub in the system with the sniffer box and the offending box connected to it. Failing that, there is always a bottleneck at some point on the way out to the internet. Stick the hub there so you can see all inbound and outbound traffic (especially since he isn't firewalled...... Hell, what Unhappy will see there will justify the purchase of something to block the outside world......). Then he can sniff the moron till the cows come home.
Yeah, I'm a PureSecure fan but I use it only for the "real-time" view. I use plain snort -> syslog for the detailed/archive logs. I like the interface on PureSecure in so far as it allows me quick access to recent events and some summary data etc. too. I also use the HIDS on all my public and AD boxes and I really like the system monitoring. All my public services are checked every 5 minutes as are all my routers throughout the entire WAN. It's kinda nice knowing that I know of a failure in less than 5 minutes and being able to tell callers, "Yep, I know... Working on it"...... makes them think you are an all-seeing Demi-God.......
Don't SYN us.... We'll SYN you.....
"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides