Probes

Teddy Mills teddymills-VFlxZYho3OA at public.gmane.org
Tue Nov 18 17:30:46 UTC 2003


I got the idea. A box that has zero services and only a few utilities like
snort, tcpdump and a few other diagnostic tools before the firewall.

Are there already distros that do this? Are these things called "pawns" or
"sacrificial hosts" TNG "probes" or something? I got Smoothwall, maybe I'll
just disable all the services of Smoothwall and use that.

Otherwise I'll have to make one up.
Make it so!


Keith says...
> If 1) security is a consideration; and 2) you want to see the traffic your
> firewall is battered with; and 3) you don't want to disable your packet
> filter; then put a machine running snort outside the firewall.


----- Original Message -----
From: "Keith Mastin" <kmastin-PzQIwG9Jn9VAFePFGvp55w at public.gmane.org>
To: <tlug-lxSQFCZeNF4 at public.gmane.org>
Sent: Tuesday, November 18, 2003 11:55 AM
Subject: Re: [TLUG]: if iptables rules drop that packet, will they be displayed in tcpdump


>
> > If iptables rules drop that packet, will they be displayed in tcpdump?
> > I'm guessing no, since the packets don't even get in the front door.
> >
> > I guess my alternatives are to disable the rules and then use tcpdump, or
> > use the LOG functions in iptables... Probably easier to just temporarily
> > disable the offending iptables rules.
> >
> > I'm really wary of security now. Like paranoid.
>
> If 1) security is a consideration; and 2) you want to see the traffic your
> firewall is battered with; and 3) you don't want to disable your packet
> filter; then put a machine running snort outside the firewall.
>
> --
> Keith
> --
> The Toronto Linux Users Group.      Meetings: http://tlug.ss.org
> TLUG requests: Linux topics, No HTML, wrap text below 80 columns
> How to UNSUBSCRIBE: http://tlug.ss.org/subscribe.shtml
>
>
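
The quoted message mentions the LOG functions in iptables as a way to see dropped traffic without disabling the rules. As an added example (not part of the original thread), this Python script summarizes such kernel log lines by source and by destination service; the `IPT-DROP: ` log prefix, the rule in the comment and the sample lines are constructed assumptions.

```python
import re
from collections import Counter

# Assumed setup (not from the thread): a LOG rule placed just before the DROP
# rule, for example:  iptables -A INPUT -j LOG --log-prefix "IPT-DROP: "
PREFIX = "IPT-DROP: "
MAC = "MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00"  # constructed value

# Constructed sample kernel log lines using documentation address ranges.
SAMPLE_LOG = f"""\
Nov 18 11:40:00 fw sshd[311]: Server listening on 0.0.0.0 port 22.
Nov 18 11:42:07 fw kernel: IPT-DROP: IN=eth0 OUT= {MAC} SRC=203.0.113.5 DST=192.0.2.10 LEN=60 TTL=52 ID=4411 DF PROTO=TCP SPT=40112 DPT=22 SYN URGP=0
Nov 18 11:42:10 fw kernel: IPT-DROP: IN=eth0 OUT= {MAC} SRC=203.0.113.5 DST=192.0.2.10 LEN=60 TTL=52 ID=4412 DF PROTO=TCP SPT=40112 DPT=22 SYN URGP=0
Nov 18 11:42:31 fw kernel: IPT-DROP: IN=eth0 OUT= {MAC} SRC=203.0.113.5 DST=192.0.2.10 LEN=60 TTL=52 ID=4419 DF PROTO=TCP SPT=40155 DPT=23 SYN URGP=0
Nov 18 11:43:02 fw kernel: IPT-DROP: IN=eth0 OUT= {MAC} SRC=198.51.100.7 DST=192.0.2.10 LEN=78 TTL=110 ID=901 PROTO=UDP SPT=137 DPT=137 LEN=58
Nov 18 11:43:05 fw kernel: IPT-DROP: IN=eth0 OUT= {MAC} SRC=198.51.100.7 DST=192.0.2.10 LEN=84 TTL=110 ID=902 PROTO=ICMP TYPE=8 CODE=0 ID=7 SEQ=1
"""

FIELD = re.compile(r"(\w+)=(\S*)")  # KEY=VALUE; bare flags such as SYN or DF are skipped


def parse_line(line):
    """Return the KEY=VALUE fields of one LOG line, or None if it is not ours."""
    _, found, rest = line.partition(PREFIX)
    if not found:
        return None  # some other syslog message
    fields = dict(FIELD.findall(rest))
    if "SRC" not in fields or "PROTO" not in fields:
        return None  # truncated or malformed entry
    return fields


def summarize(log_text):
    """Count logged packets per source address and per (protocol, dest port)."""
    by_source, by_service = Counter(), Counter()
    for line in log_text.splitlines():
        fields = parse_line(line)
        if fields is None:
            continue
        by_source[fields["SRC"]] += 1
        # ICMP entries carry TYPE/CODE instead of a destination port.
        by_service[(fields["PROTO"], fields.get("DPT", "-"))] += 1
    return by_source, by_service


if __name__ == "__main__":
    sources, services = summarize(SAMPLE_LOG)
    for src, n in sources.most_common():
        print(f"{n:4d}  {src}")
    for (proto, port), n in services.most_common():
        print(f"{n:4d}  {proto}/{port}")
```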
