Yeah, and then drop it at the bottom of the ocean, and encase it in lead ;-).
I always carry a laptop around with me with all the tools that I need for sniffing,
not much good for remote admin though :-(. You should really look at something
like www.nfr.net, as this is a self-contained sniffing solution, and with IDR modules,
you can tailor it for almost anything.
Cheers,
Lee
> -----Original Message-----
> From: Mason Begley [SMTP:mbegley_at_concentric.com]
> Sent: Tuesday, August 31, 1999 7:27 PM
> To: 'Siglite'; Andreas.Bolatzki_at_ch.danzas.com
> Cc: firewall-wizards_at_nfr.net
> Subject: RE: tcpdump installation on unix firewall?
>
> It doesn't matter really since tcpdump could be compiled offline and then
> added by a hacker later. Something that could be used for added security is
> to move all the tools you'll need into a directory and encrypt that dir with
> triple-des and only unencrypt it when it's needed.
>
> Mason Begley
> Concentric Network.
>
> -----Original Message-----
> From: Siglite [mailto:siglite_at_criticalstop.com]
> Sent: Saturday, August 28, 1999 12:57 AM
> To: Andreas.Bolatzki_at_ch.danzas.com
> Cc: firewall-wizards_at_nfr.net
> Subject: Re: tcpdump installation on unix firewall?
>
> I've never run a sniffer directly on the firewall. However, I've found it
> extremely useful to have sniffers on both sides of it. In fact, that's
> generally the first place I go when I'm having a connectivity problem
> through the firewall.
>
> /*-----------------------------------*/
> /* I live with FEAR every day. */
> /* But, sometimes, she lets me RACE. */
> /*-----------------------------------*/
>
> KT Morgan
> Network Engineer
> Checkpoint Firewall-1 CCSA/CCSE
> Microsoft MCP
> Software Systems Group, Inc
>
> On 27 Aug 1999 Andreas.Bolatzki_at_ch.danzas.com wrote:
>
> > Hi fw-wizards
> >
> > Do you consider it an utterly bad idea to install a packet sniffer on a
> > firewall (HP box running FW-1)?
> > Why would I want to do this?
> > Perhaps you know this already: If sth. is not working it's either the
> > firewall or the network.
> > I need a tool to prove what's going on... Badly performing server, find
> > out what normal traffic is for an application (data volume, traffic profile
> > for one request....) and more of this kind.
> >
> > Is there anybody out there... doing this?
> >
> > Does it interfere with the FW-1 software?
> >
> > Thanks,
> >
> > Andy :-oe.
> >
> >
> > ---
> > Andreas Bolatzki
> > DANZAS Management AG
> > Corporate IT Operations and Support
> > Muenchensteinerstr. 43
> > CH-4002 Basel, Switzerland
> > Tel. +41 (61) 319 8686, Fax. +41 (61) 319 8866
> > Internet: andreas.bolatzki_at_ch.danzas.com
> > X400: C=ch;A=atlas;P=danzas;O=dzchbslho;S=Bolatzki;G=Andreas
> >
Received on Sep 01 1999