Home page logo
/

basics logo Security Basics mailing list archives

RE: Monitor XP (ICS ) client connections?
From: "David Gillett" <gillettdavid () fhda edu>
Date: Mon, 26 Apr 2004 08:25:38 -0700

  I neglected to mention that changing the network topology is
not going to be a popular answer.  The current Internet connection
is by way of a device that connects to the gateway machine via USB, 
so inserting a router between the two cannot easily be done.

  However, I believe most of the suggestions I've received so far 
will show the external address of the gateway and not the internal
address of the client, unless they're actually installed on the 
client instead of the gateway.  This solution at least avoids that
problem.

David Gillett


-----Original Message-----
From: Garzona, Harry [mailto:GarzoHa () ffhsj com]
Sent: Sunday, April 25, 2004 8:38 AM
To: Meidinger Chris; gillettdavid () fhda edu;
security-basics () securityfocus com
Subject: RE: Monitor XP (ICS ) client connections?


Dave:

    For a few dollars your friend can go out and purchase a 
small router
(Linksys, netgear, etc) that does NAT and has logging 
capabilities. This
would be the user level quick solution because it will identify the IP
address of the machine and the sites visited in a simple to read
interface. Most devices will even e-mail you the logs.
Hope this helps,

Harry

-----Original Message-----
From: Meidinger Chris [mailto:chris.meidinger () badenit de] 
Sent: Thursday, April 22, 2004 12:51 PM
To: gillettdavid () fhda edu; security-basics () securityfocus com
Subject: RE: Monitor XP (ICS ) client connections?

Hi Dave,

is he looking for specific sites, or does he want to analyze 
traffic to
check what his employees are up to? If he is looking for 
specific sites,
a
simple logging proxy server with grep would be the simplest. 
If he needs
some kind of interface where he can click through the sites that his
employees have visited, then I think Edward Miller's 
suggestions should
be
fine.

It just depends what he is monitoring for.

Cheers,

Chris Meidinger

-----Original Message-----
From: David Gillett [mailto:gillettdavid () fhda edu] 
Sent: Monday, April 19, 2004 6:59 PM
To: security-basics () securityfocus com
Subject: Monitor XP (ICS ) client connections?

  A friend who runs a small business (across the continent 
from me, currently) is using XP with connection sharing, and 
has expressed concern that some of his employees may be 
endangering the network by visiting URLs they shouldn't.  
He'd like to be able to do some basic monitoring of the ICS 
connection, without getting into full-blown sniffing and 
packet disassembly.

  Can anyone recommend (or, based on experience, recommend 
against!) tools for this job?  It doesn't have to be in real 
time, it's okay if it sits in the background collecting info 
and he just checks it every now and then.

Dave Gillett



--------------------------------------------------------------
-------------
Ethical Hacking at the InfoSec Institute. Mention this ad and 
get $545 off any course! All of our class sizes are 
guaranteed to be 10 students or less to facilitate one-on-one 
interaction with one of our expert instructors. 
Attend a course taught by an expert instructor with years of 
in-the-field pen testing experience in our state of the art 
hacking lab. Master the skills of an Ethical Hacker to better 
assess the security of your organization. 
Visit us at: 

http://www.infosecinstitute.com/courses/ethical_hacking_training.html
--------------------------------------------------------------
--------------


--------------------------------------------------------------
----------
---
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545
off 
any course! All of our class sizes are guaranteed to be 10 students or
less 
to facilitate one-on-one interaction with one of our expert 
instructors.

Attend a course taught by an expert instructor with years of
in-the-field 
pen testing experience in our state of the art hacking lab. Master the
skills 
of an Ethical Hacker to better assess the security of your 
organization.

Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
--------------------------------------------------------------
----------
----





_______________________
Confidentiality Notice:  The information contained in this 
e-mail and any attachments may be legally privileged and 
confidential.  If you are not an intended recipient, you are 
hereby notified that any dissemination, distribution or 
copying of this e-mail is strictly prohibited.  If you have 
received this e-mail in error, please notify the sender and 
permanently delete the e-mail and any attachments 
immediately.  You should not retain, copy or use this e-mail 
or any attachment for any purpose, nor disclose all or any 
part of the contents to any other person.   Thank you.


---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off 
any course! All of our class sizes are guaranteed to be 10 students or less 
to facilitate one-on-one interaction with one of our expert instructors. 
Attend a course taught by an expert instructor with years of in-the-field 
pen testing experience in our state of the art hacking lab. Master the skills 
of an Ethical Hacker to better assess the security of your organization. 
Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault