Mark,

> > Let's say I have an anonymous ftp connection, instead of seeing only
> > disallowed packets (all packets except ftp) I would like to see the
> > allowed packets to that server as well (which would be the ftp in this
> > case), in order to see who is connecting.

I guess I don't get it. Why not log this at the FTP server? The PIX can force authentication on an FTP session initiation. But asking for a user name and password seems out of sync with supporting anonymous FTP. No?

I'd agree with Dan that if you want to silently track anonymous FTP sessions the best tool would be to use an IDS approach.

Liberty for All,

Brian

At 05:52 AM 12/12/2001 -0800, "Daniel Crichton" <[EMAIL PROTECTED]> wrote:
>Message: 4
>From: "Daniel Crichton" <[EMAIL PROTECTED]>
>Organization: Computer Manuals Ltd.
>To: Johnston Mark <[EMAIL PROTECTED]>
>Date: Wed, 12 Dec 2001 12:54:39 -0000
>Subject: RE: Pix FW
>Reply-To: [EMAIL PROTECTED]
>Cc: [EMAIL PROTECTED]
>
>On 12 Dec 2001 at 13:33, Johnston Mark wrote:
>
> > Hi,
> > That's not what I'm after ... the ports and IPs etc. are no problem.
> > Let's say I have an anonymous ftp connection, instead of seeing only
> > disallowed packets (all packets except ftp) I would like to see the
> > allowed packets to that server as well (which would be the ftp in this
> > case), in order to see who is connecting.
>
>Ah, in that case you're out of luck. However, if you do put snort on a
>machine inside your PIX you can log all packets for all connections that
>were let through. With the rules you could log just ftp packets, or just
>web, or whatever. And putting a machine outside your PIX with snort you
>could log everything the PIX denies too. In fact putting just one outside
>would avoid duplicating packet dumps, but you'd need to make sure that the
>snort machine is locked down as your PIX won't protect it. It's really
>configurable, and easy to set up once you've played with it for about 10
>minutes. And it's free. http://www.snort.org/
>
>Dan
>---
>D.C. Crichton            email: [EMAIL PROTECTED]
>Senior Systems Analyst   tel:   +44 (0)121 706 6000
>Computer Manuals Ltd.    fax:   +44 (0)121 606 0477

_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls
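As an added example, not written by Dan, Brian or Mark, here is the kind of Snort rules file Dan's suggestion amounts to: a sensor on the inside of the PIX, so it only ever sees traffic the PIX let through, with rules that keep a full packet log of the FTP control channel and a one-line alert per new connection so you can see who connected. The server address 192.0.2.10, the rule variable name and the sid numbers are assumptions; replace them with your own.

```snort
# Added example, not from the thread. Snort rules for a sensor on the
# inside interface of the PIX. Everything it sees was already permitted
# by the firewall, so this is the "allowed FTP" view Mark asked for.
# $FTP_SERVER (192.0.2.10 here) and the sid values are assumptions.
var FTP_SERVER 192.0.2.10

# Full packet log of the FTP control channel, both directions, into the
# directory given with snort -l. This is where USER/PASS lines end up.
log tcp any any -> $FTP_SERVER 21 (msg:"FTP control to server"; sid:1000001;)
log tcp $FTP_SERVER 21 -> any any (msg:"FTP control from server"; sid:1000002;)

# One alert per new connection: match the initial SYN only, so the
# alert file becomes a timestamped list of connecting source addresses.
alert tcp any any -> $FTP_SERVER 21 (msg:"New FTP connection"; flags:S; sid:1000003;)

# Flag anonymous logins. The "password" the client supplies (usually an
# e-mail address) is in the PASS command that follows, in the packet log.
alert tcp any any -> $FTP_SERVER 21 (msg:"Anonymous FTP login"; content:"USER anonymous"; nocase; sid:1000004;)
```

Run it with something like `snort -c ftp.rules -l /var/log/snort -i <inside-interface>` on the sensor box. The flags:S rule deliberately ignores retransmitted SYNs and everything after the handshake, which keeps the alert file to one line per session; the log rules keep the full content for the cases where you need to see what the connecting client actually did. As Dan notes, if you instead put the sensor outside the PIX to catch denied traffic as well, that machine has no firewall in front of it and has to be locked down on its own.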
