Re: Network security

From: Rodolfo J. Paiz (rpaiz_at_simpaticus.com)
Date: 06/10/04

    Date: Thu, 10 Jun 2004 06:27:08 -0600
    To: For users of Fedora Core releases <fedora-list@redhat.com>
    
    

    At 02:37 6/10/2004, Chadley Wilson wrote:
    >My network with approx 300 users is routed to the internet through a
    >proxy and firewall, we have a DNS server and PDC Server.
    >It is a winXplease network.

    Is it a WinXP proxy/firewall? If so, changing *that* box to a Linux box
    would be my first recommendation.

    >1) Track an internal PC running a sniffer of some sort, obtain its ip
    >and mac address, then stop it sniffing and maybe kick it off the
    >network.
    >
    >2) Be alerted when someone tries to sniff from outside, trace him and
    >obtain his details or ISP details.

    Define "sniff". If you mean it the same way I do, as in passively listening
    to as much traffic as possible for analysis in search of weaknesses, then I
    don't think you can. Listening does not make any noise... it's the basic
    principle of passive sonar arrays for submarines.

    However, if in general you want security tools to detect malicious
    activity, then I suggest using Shorewall [1] as your firewall package on
    the Linux box, and Snort [2] for an intrusion detection system (IDS). Both
    tools are top-of-the-line and will likely do a huge percentage of what you
    want.

    [1] http://www.shorewall.net

    [2] http://www.snort.org

    Cheers,

    -- 
    Rodolfo J. Paiz
    rpaiz@simpaticus.com
    http://www.simpaticus.com