> > Is there a way to track who is using the VM ftp client and the target > > server address? We have a need to find who/what is ftping to specific > > servers so that they can be converted to a new address and/or > solution. > > CMAP would do that (if you have it), although it won't catch the case > when user starts FTP and then uses 'open foobar.host.com' inside the > module. > > Another method if you have Cisco network equipment (not on VM) would be > to have your networking people turn on NetFlow accounting in the network > device connecting you to the LAN and have them look for transfers from > your host to the suspect address. That'd at least give you timeframes to > look at. You might also enable IDENT support for the VM TCP stack (talk > to Rick about it; he wrote it); the NetFlow tools can use IDENT > information to map connections back to users if it is available. > > You *ARE* being insistent about stamping out hard coded IP addresses, > right? DNS is Goodness.
Yes, we are. Hard coded IPs are not encouraged and get a "tsk-tsk" when we see them coded in apps. They still are used, but discouraged when possible. I will pester Sir Santa to see if he can assist on IDENT. Thanks!
