
Re: [FW-1] Nokia and log manipulation



I have used Snort via Razorback. And it does not correlate the data that would be needed for attack patterns. Something that has a capability to recreate attack patterns to determine what was compromised.. Snort doesn't do this yet, unless I can configure it to do that for me. I checked out
E-Security as well.. nope, they don't have this full feature either.

I'll take a look at WebTrends...

Thanks for your hint...!!!

Mailing list for discussion of Firewall-1 <[email protected]> wrote:
>





Personally I would stick with Webtrends to analyse the
firewall logs. If you are looking to detect attack sequences however, there is
no easy way...you need an IDS....you can try a freeware like SNORT which has
amazing capabilities.

  -----Original Message-----
  From: Nick Ellenden [mailto:[email protected]]
  Sent: Wednesday, October 31, 2001 10:26 PM
  To: [email protected]
  Subject: Re: [FW-1] Nokia and log manipulation

  Hi,

  I don't work for OpenService (which is OPSEC compliant), but to toot their horn
  a little, you can configure the filter rules in OpenService to parse the data
  as you wish; this could then be used to re-create such paths, although most
  reasonable attackers will spoof or otherwise obscure their own trail. You
  might also want to check out e-Security Inc products; they may have evolved a
  processing approach as well now.


  Bestest,

  nick

    -----Original Message-----
    From: Mailing list for discussion of Firewall-1 [mailto:[email protected]] On Behalf Of Wesley Maness
    Sent: 01 November 2001 04:43
    To: [email protected]
    Subject: Re: [FW-1] Nokia and log manipulation

    To All:

    Can anyone suggest a product (working in cahoots
    with FW-1 and others, either via OPSEC or other means) that
    can parse large amounts of logs (fw logs) and recreate
    attack sequences (their paths), etc.?

    Thanks...

      -----Original Message-----
      From: Mailing list for discussion of Firewall-1 [mailto:[email protected]] On Behalf Of Nick Ellenden
      Sent: Wednesday, October 31, 2001 3:34 AM
      To: [email protected]
      Subject: Re: [FW-1] Nokia and log manipulation

      Hi,

      You might want to check out OpenService, they also make an agent
      server system which also works on Solaris and Windows for FW1, it can also
      parse and process the system logs as well.


      Bestest,

      nick

        -----Original Message-----
        From: Mailing list for discussion of Firewall-1 [mailto:[email protected]] On Behalf Of Tim Holman
        Sent: 30 October 2001 22:05
        To: [email protected]
        Subject: Re: [FW-1] Nokia and log manipulation

        Webtrends?

          -----Original Message-----
          From: Mailing list for discussion of Firewall-1 [mailto:[email protected]] On Behalf Of Sam Denton
          Sent: 23 October 2001 10:21
          To: [email protected]
          Subject: [FW-1] Nokia and log manipulation

          Is there any way to manipulate log file data on the
          Nokia Platform (IP330 running FW-1 4.1 SP4)?

          Thanks

          Sam