NAI provides a patch, cluster.SOLARIS.patch level 1; it should resolve your
logging destination problem.
---------------------- Forwarded by Susan M Bustamante/Long Beach/IBM on 02/14/2000 11:58 AM ---------------------------
"Steven Pierce" <[EMAIL PROTECTED]>@Lists.GNAC.NET on 02/12/2000 05:30:43 PM
Sent by: [EMAIL PROTECTED]
To: "Merton Campbell Crockett" <[EMAIL PROTECTED]>, "Firewall List" <[EMAIL PROTECTED]>
cc:
Subject: Re: Gauntlet 5.5 for Unix
Merton,
If you go to the Sunfreeware.com page, they have a utility that will allow you
to run Linux Apps under Solaris. It is called lxrun. If you go to the site
http://www.sunfreeware.com/ and look in the right-hand box, you will see the
link for it. I have not personally used it, so I cannot say if it is any good
or not. But it might be worth a try.
*********** REPLY SEPARATOR ***********
On 02/12/2000 at 11:02 AM Merton Campbell Crockett wrote:
>After NAI announced that it was discontinuing the BSD/OS based version of
>Gauntlet, my customer decided to switch to the Solaris based version of the
>product. The replacement hardware and Gauntlet 5.5 arrived and have been
>installed.
>
>Unfortunately, the switch from the BSD/OS based Gauntlet 5.0 to the Solaris
>based Gauntlet 5.5 has been a far more difficult transition than one would
>expect. Literals used in IPFW rules, e.g. telnet, were not translated to
>the correct port numbers. It's taken a few days but these problems have
>been eradicated.
>
>The major problem that remains involves the "securityalert" entries in the
>log, /var/log/messages. The target or destination address that is reported
>is the IP address of the interface on which the packet arrived. The BSD/OS
>based versions of Gauntlet reported the IP address of the actual target or
>destination.
>
>The latter is what we would prefer seeing recorded. It allows us to quickly
>identify activity involving the "dim stars in our corporate firmament" that
>have taken a laptop home and forgotten to change their system configuration
>appropriately. In addition, knowing the target IP address allows us to
>differentiate between activity targeted at a specific system and activity
>that is simply probing for a weakness.
>
>What are the "sweet nothings" that need to be whispered in Gauntlet's ear to
>force the recording of the actual destination IP address?
>
>Merton Campbell Crockett
>
>
>-
>[To unsubscribe, send mail to [EMAIL PROTECTED] with
>"unsubscribe firewalls" in the body of the message.]