Hi Marc,

two things you can do..

1. Install an IDS on the inside of your networks, all reporting back to a central station (through secure channels of course). A good place to start is at the host level. Tripwire, COPS, RealSecure, et al...

2. Install honeypots on the inside near well used servers. This might give you a chance to catch them before they make a mess of your main resources.. goes for outside hackers too...

Of course the best bit about honeypots is the trails of incriminating evidence they can create for you.

Cheers,
Bret

At 07:40 23/01/00 -0500, you wrote:
>Hello -
>
>I am looking for tools that I can set up to monitor network traffic,
>ideally passively, which will try to detect and alert me to attacks or
>suspicious activity _originating_ within my networks. I already have
>several tools set up that detect activity targeting my networks, and now
>want to make certain that nobody launches anything from within the
>address space that I am responsible for. For reference, I am working with
>several /18, /19, and various smaller network blocks, often times
>multi-homed through several geographically diverse methods.
>
>Suggestions and references would be greatly appreciated.
>
>Thanks in advance - Marc
>

Technical Incursion Countermeasures
consultingat_private    http://www.ticm.com/
voice mail/fax: (+65)98421426 (UTC+8 hrs)
The Insider - an e'zine on Computer security
http://www.ticm.com/info/insider/index.html

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:59:26 PDT