[unisog] sample NAT logs and analysis tools (OBSD- fp)

Vijay S Sarvepalli VSSARVEP VSSARVEP at uncg.edu
Thu Apr 28 12:31:16 GMT 2005


Do one-to-one NAT.
On PIX you can just static route the whole network, and make 10.0.11.X be
mapped to 132.1911.X (or whatever your class C or bigger subnet is).

This way you can track user to inside IP to outside IP.


vijay



Russell Fulton <r.fulton at auckland.ac.nz>
Sent by: unisog-bounces at lists.sans.org
04/27/2005 08:15 PM
Please respond to: UNIversity Security Operations Group <unisog at lists.sans.org>
To: pf <pf at benzedrine.cx>, unisog at lists.sans.org
cc:
Subject: [unisog] sample NAT logs and analysis tools (OBSD- fp)

Hi Folks,

I am shortly going to have to set up NAT on our residences firewall and
one of the things I am going to deal with is storage of NAT logs so we
can trace nefarious traffic after the fact.

I am still in the planning phase and I would be grateful if someone
could forward me some sample NAT logs from pf so I can see what I am
dealing with.

On a more general note, how do people deal with the problem of tracing
traffic through NATted gateways? Are there any tools available?

One of the things that I am considering is to not bother with the NAT
logs at all but instead run Argus <www.qosient.com> on the inside
interface of the firewall.

Russell
 
-- 
Russell Fulton, Information Security Officer, The University of Auckland
New Zealand