Maybe you could combine some of these so there are fewer columns? Like you did w/ WindowsNet, e.g.:
BitTorr=6969|6881-6999
TrojansAndWorms=1434|3127|27374|31337

The problem with that one is how often those things change and how lots of the worms are now using standard ports or variable ones, etc. Besides, ntop isn't an IDS.

I realize that every net admin can construct their own list. And as they get more sophisticated they will.

But - of those in his list, which seem to be around for the long term (and thus might be worthy of inclusion in the basic list) and which are today's issue, soon to disappear?

What would be beneficial to the new ntop user, right out of the box???

Thoughts gang?

-----Burton

> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of
> Michael Handiboe
> Sent: Friday, March 19, 2004 4:36 PM
> To: [EMAIL PROTECTED]
> Subject: Re: [Ntop] interesting info for anyone? - ntop at a peering
> point works.
>
> Yes, this is helpful, thanks.
>
> > Command line:
> > usr/local/bin/ntop -d -L -u ntop -w 3000 -p /etc/ntop/protocol.list -P
> > /var/lib/ntop -a /var/lib/ntop/access.log -i eth0 -t 0 -O /var/log/ntop/ -z
> > --ignore-sigpipe -g -n -o -r 300 -m x.y.z.a/22,b.c.d.e/16 -C -M -e 40
> >
> > Protocol list was long and might be useful to some people. Not perfect but a
> > good indicator.
> >
> > FTP=ftp|ftp-data,HTTP=http|www|https,8080=8080,DNS=name|domain,Telnet=telnet|login,MailClient=pop-2|pop-3|pop3|kpop|imap|imap2|imaps,SMTP=smtp,SNMP=snmp|snmp-trap,NEWS=nntp,NFS=mount|pcnfs|bwnfs|nfs|nfsd-status,X11=6000-6010,SSH=ssh,RTSP=554,Edonk=4661-4668,BitTorrSeed=6969,Bittor=6881-6999,Fasttrack=1214,Gnutel=6345-6349,WinMX=6699,WindowsNet=135|137|139|445,BackOrifice=31337,MSSQL=1433,SQLSlammer=1434,MyDoom=3127,Trinoo=27444,Dameware=6129,Blackjack=1025,BackDoorsetup=5000,isakmp=500,halflife=27015,Subseven=27374,dditcp1=8888,Crackdown=4444,RDP=3389
>
> _______________________________________________
> Ntop mailing list
> [EMAIL PROTECTED]
> http://listgateway.unipi.it/mailman/listinfo/ntop
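
As an added example (not part of the original thread and not ntop's own code), this Python code parses a list in the `Label=port|range|service` format quoted above, reports ports claimed by more than one label, and folds labels into combined columns the way the reply suggests. The function names are hypothetical, the sample is a constructed subset of the posted list, and service names such as `http` are kept as opaque strings rather than resolved to port numbers.

```python
import re

# Constructed sample: a subset of the entries in the protocol list quoted above.
SAMPLE = ("HTTP=http|www|https,X11=6000-6010,BitTorrSeed=6969,Bittor=6881-6999,"
          "WindowsNet=135|137|139|445,BackOrifice=31337,SQLSlammer=1434,"
          "MyDoom=3127,Subseven=27374")

def parse_protocol_list(text):
    """Return {label: [token, ...]}; a token is a (lo, hi) port range or a service name."""
    protocols = {}
    for entry in filter(None, (e.strip() for e in text.split(","))):
        label, sep, spec = entry.partition("=")
        if not (sep and label and spec):
            raise ValueError(f"malformed entry: {entry!r}")
        for item in spec.split("|"):
            m = re.fullmatch(r"(\d+)(?:-(\d+))?", item)
            if m is None:
                token = item  # symbolic service name (e.g. "http"), kept unresolved
            else:
                lo, hi = int(m.group(1)), int(m.group(2) or m.group(1))
                if not 1 <= lo <= hi <= 65535:
                    raise ValueError(f"bad port range in {entry!r}")
                token = (lo, hi)
            protocols.setdefault(label, []).append(token)
    return protocols

def find_overlaps(protocols):
    """List (label_a, label_b, lo, hi) for every port span claimed by two labels."""
    spans = [(t[0], t[1], label) for label, toks in protocols.items()
             for t in toks if isinstance(t, tuple)]
    return [(a, b, max(lo1, lo2), min(hi1, hi2))
            for i, (lo1, hi1, a) in enumerate(spans)
            for lo2, hi2, b in spans[i + 1:]
            if a != b and lo1 <= hi2 and lo2 <= hi1]

def merge(protocols, new_label, members):
    """Fold several labels into one column, keeping every port they listed."""
    merged = {k: v for k, v in protocols.items() if k not in members}
    merged[new_label] = [tok for m in members for tok in protocols[m]]
    return merged

def render(protocols):
    """Serialise back to the comma/pipe format of the list above."""
    def fmt(tok):
        if isinstance(tok, str):
            return tok
        return str(tok[0]) if tok[0] == tok[1] else f"{tok[0]}-{tok[1]}"
    return ",".join(f"{label}=" + "|".join(map(fmt, toks))
                    for label, toks in protocols.items())

if __name__ == "__main__":
    print(find_overlaps(parse_protocol_list(SAMPLE)))
```
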
