[unisog] sample NAT logs and analysis tools (OBSD- fp)

Vijay S Sarvepalli VSSARVEP VSSARVEP at uncg.edu
Thu Apr 28 12:31:16 GMT 2005

Do one-to-one NAT.
On PIX you can just static route the whole network, and make 10.0.11.X be mapped to 132.1911.X (or whatever your class C or bigger subnet is).

This way you can track user to inside IP to outside IP.


Russell Fulton <r.fulton at auckland.ac.nz> 
Sent by: unisog-bounces at lists.sans.org
04/27/2005 08:15 PM
Please respond to
UNIversity Security Operations Group <unisog at lists.sans.org>

pf <pf at benzedrine.cx>, unisog at lists.sans.org

[unisog] sample NAT logs and analysis tools (OBSD- fp)

Hi Folks,

I am shortly going to have to set up NAT on our residences firewall and
one of the things I am going to deal with is storage of NAT logs so we
can trace nefarious traffic after the fact.

I am still in the planning phase and I would be grateful if someone
could forward me some sample NAT logs from pf so I can see what I am
dealing with.

On a more general note, how do people deal with the problem of tracing
traffic through NATted gateways?  Are there any tools available?

One of the things that I am considering is to not bother with the NAT
logs at all but instead run Argus <www.qosient.com> on the inside
interface of the firewall.

Russell Fulton, Information Security Officer, The University of Auckland
New Zealand