Dear all,
I use NS sensor 6.5 on a Solaris 2.8 platform in
stealth mode, but it can't capture any events and
display them on WGM.
The detailed settings/scenario are as follows:
1. One Network Sensor 6.5 on a Solaris 2.8 platform,
- "hme0" adaptor connects to WGM
- "hme1" adaptor as a monitoring interface without
an IP address
2. Workgroup Manager 6.5 installed on a W2k machine
(had applied the latest XPU & database patch)
3. Monitoring interface connects to a Cisco 29xx switch
(Port Monitoring had been done on the Cisco switch)
Diagram:
Internal Network
|
|
Cisco Switch (B)
|
|(trunking)
|
Cisco Switch (A)
|
|(Port Monitoring)
|
[Stealth Mode]- hme1
Network Sensor 6.5
|
|
Working Manager 6.5
My Testing:
1. Connect a notebook on Cisco Switch (A) and perform a
"port scan" attack. NS sensor 6.5 can capture
this attack and display it on the WGM console. [success]
2. But if I connect a notebook on Cisco Switch (B) and
perform a "port scan" attack, NS sensor 6.5 cannot
capture this attack. [Fail]
3. Then I tried to make a "connection events" policy to
capture all TCP events. NS sensor 6.5 can
capture this event, but it is not shown as a "port
scan" attack. It shows this event as (suspicious
tcp).
I would appreciate it if you could give me any suggestions.
Thank you,
Jaeson
_______________________________________________
ISSForum mailing list
[EMAIL PROTECTED]