Thread ID: 24048 2002-09-02 07:06:00 Paranoia, and yet even more linux Chris Wilson (431) Press F1
Post ID Timestamp Content User
75755 2002-09-02 13:27:00 Hi Chris,

A good site to keep checking on a regular basis is http://www.linuxsecurity.com/ as it has some good articles on security and the latest exploits. Do you really want to disable secure http on your web server though?

On the traffic front if you have a hub (not a switch) you can use ethereal in promiscuous mode. This will detect and log all traffic on the network. Use with caution though as the logs are enormous.

If you are thinking of using portsentry go to http://www.psionic.com (the vendor) as they have a couple of other products that work alongside portsentry.
Gorela (901)
75756 2002-09-02 22:20:00 >>"On the traffic front if you have a hub (not a switch) you can use
>>ethereal in promiscuous mode. This will detect and log all traffic on the
>> network. Use with caution though as the logs are enormous" ?:|
Sorry, but as the hub is only there between the linux box and the PC, and there is a separate card connecting the linux box to the cable modem, I don't quite see the connection..
Logging all network traffic in/out of the building might help though....

When I thought I'd get a linux box so I'd learn something new.... I was right about one thing.. whoa, lots to learn.
Chris Wilson (431)
75757 2002-09-03 04:47:00 tcpdump is another logging programme. I haven't got around to trying ethereal yet. tcpdump has a "host=" option so you can log only traffic through the cable modem.
Graham L (2)
75758 2002-09-04 10:55:00 If you are running ethereal on the box connected to your internal and external connections it should log traffic on both networks. Promiscuous mode may not be a good idea in this situation.........

Do a quick test by running it with "Automatic scrolling in live capture"; this should quickly give you an idea of the type of traffic and quantity.
Gorela (901)
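
An added example, not part of any post in this thread: a small tcpdump wrapper that captures only on the Internet-facing interface, without promiscuous mode, into a fixed-size ring of files so the logs cannot grow without bound. The interface name `eth1`, the directory `/var/log/pcap`, the sizes and the sample address are assumptions, and the directory path is assumed to contain no spaces.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed values: eth1 is the NIC wired
# to the cable modem, captures go to /var/log/pcap, 10 files of ~10 MB each.

# Print the tcpdump arguments for a bounded capture on one interface.
# Usage: capture_args IFACE DIR [FILTER WORDS...]
capture_args() {
    iface=$1
    dir=$2
    shift 2
    filter="$*"
    # -i     capture on this interface only (the external side of the box)
    # -p     do not switch the interface into promiscuous mode
    # -n     no name lookups, so the capture adds no DNS traffic of its own
    # -s 96  keep the first 96 bytes of each packet (headers, little payload)
    # -C 10 -W 10  rotate through 10 files of about 10 MB, overwriting the oldest
    printf '%s' "-i $iface -p -n -s 96 -C 10 -W 10 -w $dir/$iface.pcap"
    if [ -n "$filter" ]; then
        printf ' %s' "$filter"
    fi
}

# Check the interface exists, create a private output directory, then capture.
run_capture() {
    iface=$1
    dir=$2
    if [ ! -d "/sys/class/net/$iface" ]; then
        echo "no such interface: $iface" >&2
        return 1
    fi
    mkdir -p "$dir" || return 1
    chmod 700 "$dir" || return 1   # captures can contain cleartext data
    # Word splitting of the argument string is intentional here.
    # shellcheck disable=SC2046
    tcpdump $(capture_args "$@")
}

# Run only when asked to, e.g.:  sh capture.sh --run
# 192.0.2.10 is a documentation address standing in for the host of interest.
if [ "${1:-}" = "--run" ]; then
    run_capture eth1 /var/log/pcap host 192.0.2.10
fi
```

The resulting files can be opened in ethereal afterwards, and the worst-case disk use is about 100 MB however long the capture runs.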