[unisog] sample NAT logs and analysis tools (OBSD- fp)
r.fulton at auckland.ac.nz
Thu Apr 28 01:21:09 GMT 2005
On Wed, 2005-04-27 at 20:41 -0400, Harry Hoffman wrote:
> Hi Russell,
> On our firewall/proxies we run snort, arpwatch, squid, squidguard on the
> internal side of things and also log everything we don't allow. Argus
> would seem like a good choice as well.
If you are running NAT how do you deal with the "we saw a portscan from
IP x (where x is the external address of the firewall)" if it was not
picked up by snort?
> Are you running NAT b/c of address space limitations? If not have you
> considered just running pf/carp in bridging mode so that you can use
> externally routable space and have failover?
The residences are running NAT and using 10/8 address space. We could,
perhaps, shoehorn them into existing address space in 130.216/16 but we
are starting to feel a bit cramped. Not in terms of total number of IPs
but in having enough spare space to do big reorganisations.