Not really what you asked but...
You *really* should consider the risks of running this with just router
ACLs.
It is certainly possible to lock Exchange into specific ports for its RPC
traffic (look at MS site for papers about running it through firewalls) but
this would be a lot easier / more secure if you looked into a VPN between
the routers.
You did not specify, but I can infer (possibly incorrectly) that you are
connecting over a non-trusted link (gulp...) and you should seriously look
at more than port-based security.
You might even be able to set up IPSEC using PKI (are they W2K3 servers?)
although it would really be simpler with a FW & VPN link.
Just my 2c...
Jim Hendrick
GCFW, GCIA, GCIH, GCWN
-----Original Message-----
From: snort-users-admin@lists.sourceforge.net
[mailto:snort-users-admin@lists.sourceforge.net] On Behalf Of
Turnquist,Wayne
Sent: Friday, November 18, 2005 3:31 PM
To: snort-users@lists.sourceforge.net
Subject: [Snort-users] What tool? Fastest way to generate port info to build
acl protection?
Description: Our location is a remote site within the company. I have a
router installed between our cat4006 core and the company router where the
two routers are linked by a cisco hub. I have another cisco hub which links
the cat4006 and the other interface of our router. We have AD and exchange
in the company where we have AD controllers and a exchange server at our
site that communicates with the company's main servers. I have two snort
boxes running on windows xp on each of the hubs.
1st Goal: To map-document all systems and business traffic that needs to
cross to/from our site. 2nd Goal: Create cisco acl to install on our router
to permit for now all needed ports for goal number 1 and deny everything
else 3rd Goal: Modify goal number 2 acl's to include the source and
destination ip numbers
Looking: for the best/fastest low cost way to generate the info for goal
number 1.
Is there a app (prefer windows app if there is one) that can be ran in
sniffer mode on my hubs that could generate all ports being used, port-ip,
port-dest-ip, etc where i could then quickly come up with our business model
traffic pattern to create a baseline acl security?
Does any one know where there are any template acl's to start this project?
Has any one used xacta acl manager program for controlling cisco acl's? Is
there a better cheaper solution instead of this application?
thanks ahead of time
wt
-------------------------------------------------------
This SF.Net email is sponsored by the JBoss Inc. Get Certified Today
Register for a JBoss Training Course. Free Certification Exam for All
Training Attendees Through End of 2005. For more info visit:
http://ads.osdn.com/?ad_idv28&alloc_id�845&op=ick
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=ort-users
-------------------------------------------------------
This SF.Net email is sponsored by the JBoss Inc. Get Certified Today
Register for a JBoss Training Course. Free Certification Exam
for All Training Attendees Through End of 2005. For more info visit:
http://ads.osdn.com/?ad_idv28&alloc_id�845&opÌk
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list
