Security Incidents mailing list archives

Re: traffic logging


From: Erich.Meier () INFORMATIK UNI-ERLANGEN DE (Erich Meier)
Date: Thu, 4 May 2000 10:45:41 +0200


On Wed, May 03, 2000 at 10:49:06AM -0500, Robert G. Ferrell wrote:
> I've been seeing a lot of odd traffic on several of my machines and I was
> wondering what you folks suggest for logging traffic on a single machine.
> Several of the machines are Linux boxes, and I'd like the ability to log in
> depth.  Things I'd like to capture would include things like stealth scans
> and odd packets.
>
> Any suggestions?


Not so much for traffic, but I use logcheck for any anomalies in the log
files, and PortSentry to detect and react to port scans.  They can both be
found here:
http://www.psionic.com/

I find iplog to be quite useful, as well:
http://ojnk.sourceforge.net

Snort is a really cute IDS that detects portscans and is also capable
of traffic logging.

Get it at http://www.clark.net/~roesch/security.html (main site, currently
out of order) or http://snort.whitehats.com/security.html (one of the backup
sites).

Erich
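The two things the original question asks to catch, stealth scans and odd packets, are what PortSentry and Snort's portscan detection look for. As an added example that is not part of this thread or of either tool, the following Python script runs that kind of check over a few constructed packet-log lines in a made-up "epoch src dst dport tcp-flags" format: it flags any source that touches a threshold number of distinct ports within a short window, and separately lists packets carrying TCP flag combinations (NULL, FIN, Xmas, SYN+FIN) that never occur in a normal connection. The log format, thresholds and sample addresses are all assumptions made for the example.

```python
"""Added example, not from the thread: a minimal port-scan and odd-flag
detector over constructed packet-log lines.  Assumed line format:
"<epoch> <src-ip> <dst-ip> <dst-port> <tcp-flags>"  (hypothetical)."""
from collections import defaultdict

# Constructed sample log (not real traffic).  10.0.0.5 sweeps six ports in
# three seconds; 10.0.0.7 is a normal handshake; 10.0.0.9 sends Xmas/NULL probes.
SAMPLE_LOG = """\
946684800 10.0.0.5 192.168.1.10 22 S
946684801 10.0.0.5 192.168.1.10 23 S
946684801 10.0.0.5 192.168.1.10 25 S
946684802 10.0.0.5 192.168.1.10 80 S
946684802 10.0.0.5 192.168.1.10 110 S
946684803 10.0.0.5 192.168.1.10 143 S
946684803 10.0.0.7 192.168.1.10 80 S
946684804 10.0.0.7 192.168.1.10 80 A
946684805 10.0.0.9 192.168.1.10 21 FPU
946684805 10.0.0.9 192.168.1.10 22 FPU
946684806 10.0.0.9 192.168.1.10 23 -
"""

# Flag sets that a legitimate TCP stack never sends to open a connection;
# "-" stands for no flags at all (NULL), FPU is FIN+PSH+URG (Xmas).
ODD_FLAG_SETS = {"-", "F", "FPU", "SF"}


def parse_line(line):
    """Split one assumed-format log line into a record dict."""
    ts, src, dst, dport, flags = line.split()
    return {"ts": int(ts), "src": src, "dst": dst,
            "dport": int(dport), "flags": flags}


def detect(log_text, port_threshold=5, window=10):
    """Return (scanners, odd_packets).

    scanners:    dict src -> sorted list of every distinct port that source
                 probed, for sources hitting >= port_threshold distinct ports
                 within `window` seconds.
    odd_packets: parsed records whose flags are in ODD_FLAG_SETS.
    """
    probes = defaultdict(list)        # src -> [(ts, dport), ...]
    odd = []
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        rec = parse_line(raw)
        probes[rec["src"]].append((rec["ts"], rec["dport"]))
        if rec["flags"] in ODD_FLAG_SETS:
            odd.append(rec)

    scanners = {}
    for src, events in probes.items():
        events.sort()
        lo = 0
        # Sliding time window: count distinct destination ports inside it.
        for hi in range(len(events)):
            while events[hi][0] - events[lo][0] > window:
                lo += 1
            if len({p for _, p in events[lo:hi + 1]}) >= port_threshold:
                scanners[src] = sorted({p for _, p in events})
                break
    return scanners, odd


if __name__ == "__main__":
    scanners, odd = detect(SAMPLE_LOG)
    for src, ports in scanners.items():
        print(f"possible port scan from {src}: ports {ports}")
    for rec in odd:
        print(f"odd flags {rec['flags']!r} from {rec['src']} to port {rec['dport']}")
```

With the defaults, only 10.0.0.5 crosses the port threshold, while all three packets from 10.0.0.9 are reported on flags alone; lowering `port_threshold` to 3 also reports 10.0.0.9 as a scanner, which is the trade-off between sensitivity and false positives that PortSentry's trigger count exposes.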

