*********** REPLY SEPARATOR ***********
On 17/06/00 at 1:18 Jim Mills wrote:
>Hello all,
>A client has asked me to design and build a standalone box in their DMZ
>capable of detecting port scans of any of the client's public IP addresses
>and then sending a notification to the enterprise network management
>console (SMTP or SNMP). This machine will sit in the public IP space and
>should monitor the whole subnet for attacks or DOS attacks.
>
>I have done some reading (need to do more) and have some ideas but it never
>hurts to ask...
>
Not sure how you will monitor the whole network from one box, but you could
set this box up as a honey pot. The other way would indicate to me that it
would have to be a logging box that has all traffic passed through it and
logged and grepped for certain traffic, unless you plan on using third-party
software. I am interested in what you find; if it's Open Source and does
not cost, even better. I can indicate software to use on each host to do
what you say.
Regards
Greg Wright
--
IT Consultant Sydney Australia PH 0418 292020
Available for Global Contracts Int. +61 418 292020
web http://www.ausit.com e-mail greg AT ausit.com
Trading As - AAA Computers, ITpro, Ozzie Soft, providers of IT services.
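
Added example, not part of the original message and not any tool named in the thread: one way to implement the "log all traffic and search it" approach from the reply, flagging any source that touches many distinct host/port pairs in the monitored subnet within a short window. The log format, the 192.0.2.0/24 subnet, the window and the threshold are assumptions, and the sample lines are constructed.

```python
from collections import defaultdict, deque
import ipaddress

MONITORED = ipaddress.ip_network("192.0.2.0/24")  # assumption: stands in for the public subnet
WINDOW = 60      # seconds of history kept per source (assumed)
THRESHOLD = 10   # distinct (host, port) targets in the window that count as a scan (assumed)

def parse(line):
    """Parse 'epoch src dst dport' (a constructed log format) into typed fields."""
    ts, src, dst, dport = line.split()
    return float(ts), src, ipaddress.ip_address(dst), int(dport)

def detect_scans(lines, window=WINDOW, threshold=THRESHOLD):
    """Return [(src, alert_time, kind)] for sources probing many targets quickly."""
    recent = defaultdict(deque)   # src -> deque of (ts, dst, dport)
    alerted, alerts = set(), []
    for line in lines:
        try:
            ts, src, dst, dport = parse(line)
        except ValueError:
            continue              # skip malformed lines instead of stopping the monitor
        if dst not in MONITORED:
            continue
        q = recent[src]
        q.append((ts, dst, dport))
        while q and ts - q[0][0] > window:
            q.popleft()           # expire probes older than the window
        targets = {(d, p) for _, d, p in q}
        if len(targets) >= threshold and src not in alerted:
            hosts = {d for d, _ in targets}
            kind = "horizontal" if len(hosts) > 1 else "vertical"
            alerted.add(src)      # one alert per source, to avoid flooding the console
            alerts.append((src, ts, kind))
    return alerts

# Constructed sample traffic: one source sweeping ports on one host, one source
# sweeping one port across hosts, one ordinary client, and one malformed line.
SAMPLE = (
    [f"{1000 + i} 198.51.100.7 192.0.2.10 {20 + i}" for i in range(12)]
    + [f"{1000 + i} 203.0.113.9 192.0.2.{i + 1} 23" for i in range(12)]
    + [f"{1000 + i * 30} 198.51.100.50 192.0.2.80 80" for i in range(12)]
    + ["garbage line"]
)

if __name__ == "__main__":
    for src, ts, kind in detect_scans(SAMPLE):
        print(f"ALERT {kind} scan from {src} at t={ts:.0f}")
```

Each returned tuple is what would be handed to the SMTP or SNMP notification step; a scan paced slower than the window stays under the threshold, so the window and threshold need tuning against real traffic.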