Introduction

Jeff Law (jlaw@arguus.co.nz)
Mon, 6 Nov 95 10:14:58 NZDT

Hi,

I have joined this mailing list primarily because of my role at work
which at present is focussing on providing Internet connectivity for
our clients.

Dealing with the Internet means dealing with security and I am interested
in ways of preventing, and detecting, intrusion attempts. I suppose I
should also add I'm interested in detecting successful intrusions as well!!

Unfortunately, this isn't my only role, so I can't spend all my time on it.

So I am interested in hearing of anything that could be used to automate
monitoring of systems, and anything else regarding security of systems.

I am not a Unix expert. I know enough to be dangerous (i.e. I think I know
what I'm doing ;-) )

One question I have regarding monitoring for intrusions is this:

We currently use a package called NeTraMet, which we use for billing
purposes. It monitors all packets going through our Internet link and
gathers info such as source/destination IP address, packet type, and 
source/destination ports amongst others.

My question is, would it be worth setting this up to send alerts in some
form when it detects packets with a specific port number? i.e. are there
ports which are only used when someone is attempting to gain access? I
don't want to create something which generates "false alarms" so it gets
ignored!

Anybody been down this path? Is it worth the effort?

Regards
 Jeff Law
 Internetworking Consultant
___________________________________________________________
 Continuum (NZ) Limited
 105 Symonds Street
 PO Box 8690             Telephone: 64 9 379-2350 
 Auckland 1035           Facsimile: 64 9 357-2200
 New Zealand             Internet : jlaw@arguus.co.nz
___________________________________________________________
Most of the things worth doing in the world had been declared
             impossible before they were done. (Louis Brandeis)