Beth,

If you have a Firebox (not a SOHO), you can use the Host Watch feature of 
the WatchGuard Live Security System (LSS) to monitor all connections through 
the Firebox live.  It will display the source/destination IP address as well 
as the destination port.  Give the Firebox a minute to catch up on DNS 
resolution, and it will resolve outside IP addresses to their names and 
display them as well.

In addition to that, you can always log the activity to a Syslog server.  
The Firebox/LSS system will allow you to log based on port activity as well.  
This would allow you to log any activity going out the Firebox on ports 
6699 (Napster) and 5050 (Yahoo Messenger).  While you are including Yahoo 
Messenger, you may want to look at Instant Messenger on port 5190 as well.

The next question you have to ask is, if there is activity, what, if anything, 
will be done about it.  That seems like a question best directed to your 
company's management, so that it can be included in the corporate security 
policy.  Also, be mindful if these connections are going through any kind of 
proxy server.  You will want to understand the flow of this information 
through your network so that you can present all available options to 
management should they decide to curtail these programs.

Good luck,

Justin


From: "beth shriver" 
Reply-To: "beth shriver" 
To: [EMAIL PROTECTED]
Subject: monitoring activity on watchgaurd firebox and soho [7:29285]
Date: Sat, 15 Dec 2001 09:50:58 -0500

Hey Gang, does anyone have any experience with
monitoring user activity with WatchGuard Firebox or
SOHO? I am wondering exactly if these can be used to
see if someone is using Napster-like programs or using
Yahoo Messenger etc.

merry xmas!

Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=29499&t=29499
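
As an added example (not part of the original messages, and not WatchGuard's own log format): a small Python script that tallies outbound connections to the ports named in the reply, per internal source address, from syslog lines. The line layout, the sample log lines, and the proxy address 10.0.0.5 are constructed assumptions; adapt the regular expression to what your Firebox actually writes.

```python
import re
from collections import Counter

# Ports named in the reply above (labels as the reply gives them).
WATCHED_PORTS = {6699: "Napster", 5050: "Yahoo Messenger", 5190: "Instant Messenger"}

# ASSUMED layout, not the Firebox's real log format:
#   <timestamp> <host> firewall: <allow|deny> out <proto> <src> <dst> <sport> <dport>
IP = r"\d{1,3}(?:\.\d{1,3}){3}"
LINE_RE = re.compile(
    rf"firewall: (?:allow|deny) out (?:tcp|udp) (?P<src>{IP}) (?P<dst>{IP}) "
    r"(?P<sport>\d+) (?P<dport>\d+)\s*$"
)

# Constructed sample lines (documentation address ranges for outside hosts).
SAMPLE_LINES = [
    "Dec 15 09:41:02 fw firewall: allow out tcp 10.0.0.21 192.0.2.10 1042 6699",
    "Dec 15 09:41:09 fw firewall: allow out tcp 10.0.0.21 192.0.2.11 1043 6699",
    "Dec 15 09:42:30 fw firewall: allow out tcp 10.0.0.34 198.51.100.7 2210 5050",
    "Dec 15 09:43:11 fw firewall: allow out tcp 10.0.0.5 198.51.100.9 3310 5190",
    "Dec 15 09:43:40 fw firewall: allow out tcp 10.0.0.34 203.0.113.80 2215 80",
    "Dec 15 09:43:55 fw firewall: allow out tcp 10.0.0.40 203.0.113.80 6699 80",
    "Dec 15 09:44:00 fw kernel: link up",
]

def summarize(lines, proxies=frozenset()):
    """Count watched-port connections per internal source address.

    A source listed in `proxies` is flagged: the real client is only visible
    in the proxy's own logs, which is the flow question the reply raises.
    """
    report = {}
    for line in lines:
        m = LINE_RE.search(line)
        if m is None:
            continue  # unrelated or malformed line
        app = WATCHED_PORTS.get(int(m["dport"]))  # match destination port only
        if app is None:
            continue
        src = m["src"]
        entry = report.setdefault(src, {"apps": Counter(), "via_proxy": src in proxies})
        entry["apps"][app] += 1
    return report

if __name__ == "__main__":
    for src, info in sorted(summarize(SAMPLE_LINES, proxies={"10.0.0.5"}).items()):
        note = " (proxy: check proxy logs for the real client)" if info["via_proxy"] else ""
        print(src, dict(info["apps"]), note)
```

The sixth sample line has 6699 as its source port and is deliberately not counted, since an ephemeral client port can coincide with a watched number.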