Printable View
Anyone here using IP Audit Web?
http://ipaudit.sourceforge.net/ipaudit-web/
It is supposed to be similar to Cisco NetFlow...
I'm working on configuring an older box to throw at my gateway to see how it works.
Looks pretty useful.
I seem to remeber this project from a while ago... but it got lost on my to-check-out list.
Security Focus just reminded me about it today with a nice little article/intro about it
http://securityfocus.org/infocus/1842
I just threw it on a test box, and I must says its kinda of nice.
I can't wait for my data to grow!
Sweet. Thats what I had planned for today... but I woke up late and had to rush out of the house. I forgot my cdbook with my distros... :( It'll take too long to download/burn here so I'll just wait till tomorrow.Quote:
Originally posted here by kr5kernel
I just threw it on a test box, and I must says its kinda of nice.
I can't wait for my data to grow!
BTW: What kind of hardware did you put it on? What distro did you use?
I'm planning on throwing it on a dual PIII 800mhz with 768mb ram and a 160gb hard disk.
I'm either going to use FC4 or SuSE 9.3 Pro. Most likely go with the FC4.
Im running it on a Dell Poweredge 3Ghz Pentium 4, 2 gigs of ram, and a 120 GB hd.
The distro is Fedora Core 2.
This is my test machine for all sorts of shite, and it doesn't appear that ipaudit requires anything near that kind of machine. I am thinking about putting it on a 500 Mhz machine running Slackware.
How sweet is that! Do you need any help there?Quote:
Originally posted here by kr5kernel
Im running it on a Dell Poweredge 3Ghz Pentium 4, 2 gigs of ram, and a 120 GB hd.
The distro is Fedora Core 2.
This is my test machine for all sorts of shite, and it doesn't appear that ipaudit requires anything near that kind of machine. I am thinking about putting it on a 500 Mhz machine running Slackware.
Lemme know if you guys have any luck with this in regards to identifying botnet activity.
Thanks.
--TH13