[unisog] sample NAT logs and analysis tools (OBSD- fp)

Russell Fulton r.fulton at auckland.ac.nz
Thu Apr 28 00:15:46 GMT 2005


Hi Folks,
I am shortly going to have to set up NAT on our residences firewall and
one of the things I am going to deal with is storage of NAT logs so we
can trace nefarious traffic after the fact.

I am still in the planning phase and I would be grateful if someone
could forward me some sample NAT logs from pf so I can see what I am
dealing with.

On a more general note, how do people deal with the problem of tracing
traffic through NATed gateways?  Are there any tools available?

One of the things that I am considering is to not bother with the NAT
logs at all but instead run Argus <www.qosient.com> on the inside
interface of the firewall.

Russell
 
-- 
Russell Fulton, Information Security Officer, The University of Auckland
New Zealand