How to configure for this activity?

From: ricci (ricciat_private)
Date: Fri Sep 21 2001 - 18:40:29 PDT


    Hello All,
    
    	Are there any tools that I can use for capturing the network packets
    from a particular source IP only after a particular program has been executed?
    A snort program can be used for capturing particular activities (like
    cmd.exe being executed) without the particular IP addresses being known.
    
    	However, these snort rules would be invoked only if the network packet
    contains cmd.exe. If I would like to perform this activity, what
    should I do?
    
    	If x.x.x.x is determined to perform cmd.exe, then I would like to capture all the
    network packets related to x.x.x.x.
    
    	What tools can I use? Can I use snort? How do I write such rules then?
    
    	Thanks.
    
    Ricci
    
    
    -----------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see: http://aris.securityfocus.com
    


