Title: RE: Pix FW

Rats ...... but thanks for the info :-)

-----Original Message-----
From: Daniel Crichton [mailto:[EMAIL PROTECTED]]
Sent: 12 December 2001 13:55
To: Johnston Mark
Subject: RE: Pix FW

On 12 Dec 2001 at 13:33, Johnston Mark wrote:

> Hi,
> That's not what I'm after ...... the ports and IPs etc are no problem.
> Let's say I have an anonymous ftp connection, instead of seeing only
> disallowed packets (all packets except ftp) I would like to see the
> allowed packets to that server as well (which would be the ftp in this
> case), in order to see who is connecting.

Ah, in that case you're out of luck. However, if you do put snort on a
machine inside your PIX you can log all packets for all connections that
were let through. With the rules you could log just ftp packets, or just
web, or whatever. And putting a machine outside your PIX with snort you
could log everything the PIX denies too. In fact putting just one outside
would avoid duplicating packet dumps, but you'd need to make sure that the
snort machine is locked down as your PIX won't protect it. It's really
configurable, and easy to set up once you've played with it for about 10
minutes. And it's free. http://www.snort.org/

D.C. Crichton                 email: [EMAIL PROTECTED]
Senior Systems Analyst        tel:   +44 (0)121 706 6000
Computer Manuals Ltd.         fax:   +44 (0)121 606 0477
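
Added example, not part of the original message: once a snort sensor is logging the allowed ftp traffic, a short script can answer the "who is connecting" question from its alert file. It assumes snort's one-line "fast" alert layout; the sample lines, addresses, rule message and sid are constructed for illustration.

```python
import re

# Constructed sample lines in snort's "fast" alert layout (assumed format).
# Addresses are documentation ranges; rule messages and sids are hypothetical.
SAMPLE_LOG = """\
12/12-13:31:02.114532  [**] [1:1000001:1] Inbound FTP connection [**] [Priority: 0] {TCP} 203.0.113.7:1034 -> 192.0.2.10:21
12/12-13:31:40.820011  [**] [1:1000001:1] Inbound FTP connection [**] [Priority: 0] {TCP} 198.51.100.23:4211 -> 192.0.2.10:21
12/12-13:32:15.002945  [**] [1:1000002:1] Inbound HTTP connection [**] [Priority: 0] {TCP} 203.0.113.7:1040 -> 192.0.2.11:80
12/12-13:33:09.447120  [**] [1:1000001:1] Inbound FTP connection [**] [Priority: 0] {TCP} 203.0.113.7:1051 -> 192.0.2.10:21
12/12-13:33:10.000001  [**] [1:1000001:1] truncated {TCP} 203.0.113.9:10
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]"
    r".*?\{(?P<proto>\w+)\}\s+"
    r"(?P<src>\d+\.\d+\.\d+\.\d+):(?P<sport>\d+)\s+->\s+"
    r"(?P<dst>\d+\.\d+\.\d+\.\d+):(?P<dport>\d+)\s*$"
)

def parse_alert(line):
    """Return the fields of one alert line as a dict, or None if it does not parse."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    rec["sport"] = int(rec["sport"])
    rec["dport"] = int(rec["dport"])
    return rec

def who_connected(log_text, server, port=21):
    """Map each source address seen connecting to server:port to count/first/last."""
    seen = {}
    for line in log_text.splitlines():
        rec = parse_alert(line)
        if rec is None or rec["dst"] != server or rec["dport"] != port:
            continue  # truncated line, or traffic to another service
        entry = seen.setdefault(
            rec["src"], {"count": 0, "first": rec["ts"], "last": rec["ts"]})
        entry["count"] += 1
        entry["last"] = rec["ts"]  # alert file is written in time order
    return seen

if __name__ == "__main__":
    for src, e in sorted(who_connected(SAMPLE_LOG, "192.0.2.10").items()):
        print(f"{src:15}  {e['count']:3}  first {e['first']}  last {e['last']}")
```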
