LinuxQuestions.org
Forums > Linux Forums > Linux - Software
Old 10-15-2003, 10:47 PM   #1
ASP
LQ Newbie
Registered: Jul 2003
Location: Saskatchewan, Canada
Distribution: Redhat 9.0, Knoppix
Posts: 28
Logging\Filtering Packets Through a Gateway


Ok, here's my issue. People behind my firewall (who are technically incompetent) are giving out information about the internal network, and also executing commands that outside people tell them. They are talking to these people over MSN, AIM, those kinds of things. Sadly, these people are trying to find leaks in my firewall, so I am trying to stop them. I was wondering if it was possible to actively check all the appropriate packets for certain phrases or bits of information and drop the ones that contain it, and also log them?

What tools should I use? Any tutorials that would help?
 
Old 10-16-2003, 01:27 AM   #2
Thoreau
Senior Member
 
Registered: May 2003
Location: /var/log/cabin
Distribution: All
Posts: 1,167

Rep: Reputation: 45
No.

You can block IPs and ports. You can filter and disallow ports/processes. You cannot identify and decipher any piece of data on any given process/port/IP.

Ever try to snoop an SSH session on port 80? Not very helpful. And I pity the programmer that attempts to decipher the traffic. Here are some tools that you should look at.

Prelude IDS
SNORT
Nessus
SQUID
iptables and config tools (firestarter, etc.)
spamassassin (email)

If you want a precanned ham solution that attempts erroneously to identify and stop processes and their content, you can look at getting the Cisco Packetshaper. It's only 30K.

If you want a precanned Linux solution that attempts to not do multiport/ip/process content filtering, you can try out clarkconnect firewall/mandrake multinetwork firewall/netmax firewall. All of the programs I listed above are built in. And the only free one there is from mandrake, so choose your weapon at will.

Good luck. And, are your users technically incompetent if they can use MSN/AIM/execute arbitrary commands? I don't think so. No, that's where the sysadmin gets canned. If I were you, I'd get to work.
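An added example, not part of this thread or of any tool named in it: the gateway-side approach the reply describes (block IM ports with iptables and log what matches) leaves kernel-log lines behind, and this script summarizes them per internal host. It assumes LOG rules like the ones in the comment, eth1 as the LAN interface, and the classic MSN Messenger (1863) and AIM (5190) ports; the log lines are constructed.

```python
import re
from collections import defaultdict

# Constructed sample of kernel-log lines, as produced on the gateway by rules like
#   iptables -A FORWARD -i eth1 -p tcp --dport 1863 -j LOG --log-prefix "IM-OUT: "
#   iptables -A FORWARD -i eth1 -p tcp --dport 5190 -j LOG --log-prefix "IM-OUT: "
# (eth1 is assumed to be the LAN side; 1863 = MSN Messenger, 5190 = AIM/OSCAR).
# A matching -j DROP rule after each LOG rule blocks what was logged.
# All hosts and addresses below are made up.
SAMPLE_LOG = """\
Oct 16 01:27:01 gw kernel: IM-OUT: IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=207.46.110.5 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=1234 DF PROTO=TCP SPT=33012 DPT=1863 WINDOW=5840 RES=0x00 SYN URGP=0
Oct 16 01:27:05 gw kernel: IM-OUT: IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=64.12.24.1 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=1235 DF PROTO=TCP SPT=33013 DPT=5190 WINDOW=5840 RES=0x00 SYN URGP=0
Oct 16 01:28:11 gw kernel: IM-OUT: IN=eth1 OUT=eth0 SRC=192.168.1.40 DST=207.46.110.5 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=1236 DF PROTO=TCP SPT=40001 DPT=1863 WINDOW=5840 RES=0x00 SYN URGP=0
Oct 16 01:28:12 gw kernel: IM-OUT: IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=207.46.110.5 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=1237 DF PROTO=TCP SPT=33014 DPT=1863 WINDOW=5840 RES=0x00 SYN URGP=0
Oct 16 01:29:00 gw kernel: eth0: link up, 100Mbps
"""

# Destination ports the LOG rules above match, mapped to a service name.
IM_PORTS = {1863: "msn", 5190: "aim"}
FIELD_RE = re.compile(r"\b(IN|OUT|SRC|DST|PROTO|SPT|DPT)=(\S*)")


def parse_log_line(line, prefix="IM-OUT: "):
    """Return the iptables fields of one LOG line as a dict, or None when
    the line was not written by our prefixed LOG rule."""
    if prefix not in line:
        return None
    fields = dict(FIELD_RE.findall(line))
    for key in ("SPT", "DPT"):
        if key in fields:
            fields[key] = int(fields[key])
    return fields


def summarize(log_text):
    """Count outbound IM connection attempts per (internal host, service)."""
    counts = defaultdict(int)
    for line in log_text.splitlines():
        fields = parse_log_line(line)
        if not fields or fields.get("PROTO") != "TCP":
            continue
        service = IM_PORTS.get(fields.get("DPT"))
        if service:  # ignore other ports that happened to share the prefix
            counts[(fields["SRC"], service)] += 1
    return dict(counts)


if __name__ == "__main__":
    for (src, service), n in sorted(summarize(SAMPLE_LOG).items()):
        print(f"{src}\t{service}\t{n} connection attempt(s)")
```

On a real gateway, feed it the file your syslog writes kernel messages to (the path is distribution-dependent) instead of SAMPLE_LOG.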
 
Old 10-21-2003, 10:11 PM   #3
ASP
LQ Newbie
 
Registered: Jul 2003
Location: Saskatchewan, Canada
Distribution: Redhat 9.0, Knoppix
Posts: 28

Original Poster
Rep: Reputation: 15
Guess I block IPs then.

Thanks (I guess...) for the help.

P.S. They are incompetent. Almost anybody can figure out how to use MSN in no time, that's why it's popular. Also, if someone sat down at a computer, and you told them "Click Start->Run, Type "command" then type "<some command>" and tell me what it says", almost anybody could understand that. It's really not that hard.

Last edited by ASP; 10-21-2003 at 10:15 PM.