NFR Wizards Archives: RE: tcpdump installation on unix firewall?

RE: tcpdump installation on unix firewall?


Mason Begley (mbegleyconcentric.com)
Tue, 31 Aug 1999 11:27:12 -0700


It doesn't matter really since tcpdump could be compiled offline and then
added by a hacker later. Something that could be used for added security is
to move all the tools you'll need into a directory and encrypt that dir with
triple-des and only unencrypt it when it's needed.

Mason Begley
Concentric Network.

 -----Original Message-----
From: Siglite [mailto:siglitecriticalstop.com]
Sent: Saturday, August 28, 1999 12:57 AM
To: Andreas.Bolatzkich.danzas.com
Cc: firewall-wizardsnfr.net
Subject: Re: tcpdump installation on unix firewall?

I've never run a sniffer directly on the firewall. However, I've found it
extremely useful to have sniffers on both sides of it. In fact, that's
generally the first place I go when I'm having a connectivity problem
through the firewall.

/*-----------------------------------*/
/* I live with FEAR every day. */
/* But, sometimes, she lets me RACE. */
/*-----------------------------------*/

KT Morgan
Network Engineer
Checkpoint Firewall-1 CCSA/CCSE
Microsoft MCP
Software Systems Group, Inc

On 27 Aug 1999 Andreas.Bolatzkich.danzas.com wrote:

> Hi fw-wizards
>
> Do you consider it an utterly bad idea to install a packet sniffer on a
> firewall. (HP box running FW-1).
> Why would I want to do this?
> Perhaps you know this already: If sth. is not working it's either the
> firewall or the network.
> I need a tool to prove what's going on... Badly performing server, find
> out what normal traffic is for an application (data volume, traffic profile
> for one request....) and more of this kind.
>
> Is there anybody out there... doing this?
>
> Does it interfere with the FW-1 software?
>
> Thanks,
>
> Andy :-oe.
>
>
> ---
> Andreas Bolatzki
> DANZAS Management AG
> Corporate IT Operations and Support
> Muenchensteinerstr. 43
> CH-4002 Basel, Switzerland
> Tel. +41 (61) 319 8686, Fax. +41 (61) 319 8866
> Internet: andreas.bolatzkich.danzas.com
> X400: C=ch;A=atlas;P=danzas;O=dzchbslho;S=Bolatzki;G=Andreas
>



This archive was generated by hypermail 2.0b3 on Wed Sep 01 1999 - 00:15:04 CDT