Wayne Turnquist wrote:
Is there a app (prefer windows app if there is one) that can be ran in
sniffer mode \
on my hubs that could generate all ports being used, port-ip, port-dest-ip,
etc where \
i could then quickly come up with our business model traffic pattern to
create a \
baseline acl security?
Hi Wayne,
You'll need to do some hands-on analysis to generate your ACLs.
It doesn't run on Windows, but Argus [0] can generate the session data
you need.
I call the type of analysis you need to perform a "Traffic Threat
Assessment" (TTA). I usually do that sort of work to find malicious
insiders (or malware), but the same principles apply when identifying
legitimate traffic for creating ACLs. I outline TTA in my latest
book, Extrusion Detection: Security Monitoring for Internal
Intrusions. [1]
You may also find my Structured Traffic Analysis (STA) methodology
outlined in the October 2005 (IN)SECURE magazine to be helpful. [2]
Both the book and article explain how to use Argus in the manner you may need.
Sincerely,
Richard
[0] http://www.qosient.com/argus/
[1] http://www.awprofessional.com/title/0321349962
[2] http://www.insecuremag.com
-------------------------------------------------------
This SF.Net email is sponsored by the JBoss Inc. Get Certified Today
Register for a JBoss Training Course. Free Certification Exam
for All Training Attendees Through End of 2005. For more info visit:
http://ads.osdn.com/?ad_idv28&alloc_id�845&opÌk
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list
