A Broadband and ADSL forum. BroadbanterBanter


uk.telecom.broadband (UK broadband) (uk.telecom.broadband) Discussion of broadband services, technology and equipment as provided in the UK. Discussions of specific services based on ADSL, cable modems or other broadband technology are also on-topic. Advertising is not allowed.

How to monitor attacks against my IP?



 
 
  #1  
Old July 24th 03, 09:46 PM posted to uk.telecom.broadband
zeebop
external usenet poster
 
Posts: 47
Default How to monitor attacks against my IP?

Hi,

I have an Alcatel Speedtouch 510 (4 port hub/router/adsl modem)

It has a built in firewall which seems to do a good job.

I was wondering how I would go about monitoring any malicious probes
against my IP. Is there some free software to do this?

Cheers

zeebop
  #2  
Old July 24th 03, 10:09 PM posted to uk.telecom.broadband
Lek
external usenet poster
 
Posts: 20
Default How to monitor attacks against my IP?

the router will probably make logs.. you just need to find out how to get to
them


"zeebop" wrote in message
...
Hi,

I have an Alcatel Speedtouch 510 (4 port hub/router/adsl modem)

It has a built in firewall which seems to do a good job.

I was wondering how I would go about monitoring any malicious probes
against my IP. Is there some free software to do this?

Cheers

zeebop



  #3  
Old July 25th 03, 04:54 AM posted to uk.telecom.broadband
Maximilian K.
external usenet poster
 
Posts: 25
Default How to monitor attacks against my IP?

Then there're "intrusion detection" systems.
We run one at work. In fact, UNIX group does.
What a load of ********. It always indicates we're under attack.

(When you cry wolf too often no one is to help when wolf is there...)
--
_______________________
Maximillian!


"Lek" wrote in message
news
the router will probably make logs.. you just need to find out how to get to
them


"zeebop" wrote in message
...
Hi,

I have an Alcatel Speedtouch 510 (4 port hub/router/adsl modem)

It has a built in firewall which seems to do a good job.

I was wondering how I would go about monitoring any malicious probes
against my IP. Is there some free software to do this?




  #4  
Old July 25th 03, 09:22 AM posted to uk.telecom.broadband
Lek
external usenet poster
 
Posts: 20
Default How to monitor attacks against my IP?

In English?

"Maximilian K." wrote in
message ...
Then there're "intrusion detection" systems.
We run one at work. In fact, UNIX group does.
What a load of ********. It always indicates we're under attack.

(When you cry wolf too often no one is to help when wolf is there...)
--
_______________________
Maximillian!


"Lek" wrote in message
news
the router will probably make logs.. you just need to find out how to get to
them


"zeebop" wrote in message
...
Hi,

I have an Alcatel Speedtouch 510 (4 port hub/router/adsl modem)

It has a built in firewall which seems to do a good job.

I was wondering how I would go about monitoring any malicious probes
against my IP. Is there some free software to do this?






  #5  
Old July 25th 03, 05:36 PM posted to uk.telecom.broadband
Peter Morgan - 0870 432 9631
external usenet poster
 
Posts: 294
Default How to monitor attacks against my IP?

On Fri, 25 Jul 2003 09:22:09 +0100, "Lek" wrote:

In English?


or upside down ?

(That there's probably no point worrying about the "attacks" as the
reporting of same can get you paranoid, and if there are reports at
1 minute intervals, you'd not spot a true attack anyway! BICBW.)

  #6  
Old July 26th 03, 12:27 AM posted to uk.telecom.broadband
Maximilian K.
external usenet poster
 
Posts: 25
Default How to monitor attacks against my IP?


"Peter Morgan - 0870 432 9631" wrote in message
.net...
On Fri, 25 Jul 2003 09:22:09 +0100, "Lek" wrote:

In English?


or upside down ?

(That there's probably no point worrying about the "attacks" as the
reporting of same can get you paranoid, and if there are reports at
1 minute intervals, you'd not spot a true attack anyway! BICBW.)


My point is: a decent intrusion detection system shouldn't cry murder all
the time.

Because, if it does so, the real attack can be easily missed - because huge
number of false alarms will make those attack reports not worth attention.

The IDS we have at work, always says we're under attack. Hence the verdict:
"loads of b--x".
Don't blame me, UNIX guys run it. :-)

_______________________
Maximillian!





  #7  
Old July 26th 03, 01:45 PM posted to uk.telecom.broadband
Lek
external usenet poster
 
Posts: 20
Default How to monitor attacks against my IP?

Well actually I think you are incorrect. Due to the nature of the internet
(networking) and attacks .... normal internet background noise and attacks
can look very similar. Therefore intrusion detection has to be easily tuned
to get the right balance.

"The IDS we have at work, always says we're under attack. Hence the verdict:
"loads of b--x"."


In this case your intrusion detection needs "tuning", if it can't be tuned
THEN it is a load of bollox... if it can be tuned and isn't ... then it is
the fault of the administrator in charge of that particular piece of
equipment.



"Maximilian K." wrote in
message ...

"Peter Morgan - 0870 432 9631" wrote in message
.net...
On Fri, 25 Jul 2003 09:22:09 +0100, "Lek" wrote:

In English?


or upside down ?

(That there's probably no point worrying about the "attacks" as the
reporting of same can get you paranoid, and if there are reports at
1 minute intervals, you'd not spot a true attack anyway! BICBW.)


My point is: a decent intrusion detection system shouldn't cry murder all
the time.

Because, if it does so, the real attack can be easily missed - because huge
number of false alarms will make those attack reports not worth attention.

The IDS we have at work, always says we're under attack. Hence the verdict:
"loads of b--x".
Don't blame me, UNIX guys run it. :-)

_______________________
Maximillian!







  #8  
Old July 26th 03, 05:52 PM posted to uk.telecom.broadband
Keith Roberts
external usenet poster
 
Posts: 19
Default How to monitor attacks against my IP?

I have a firewall box at home that gives me reports of what traffic has been
trying to get to my network - I get loads of info all the time that the
Internet link is active.

The box is using Snort that logs details of what ports were scanned etc
etc - sometimes these are a result of visiting certain web pages that try to
assess your system. There are also a lot of scans of my system to attack my
web/SQL servers etc that I am not running - these are mostly automated
attacks. It is not ******** it just indicates that there are a lot of
compromised systems on the Internet that are being used to find and attack
systems that don't have up-to-date security patches applied.

If you attach a system to the Internet you will get attacked randomly just
to see if you are running anything that can be hacked easily.

Yesterday I had two scans for "MS-SQL Worm propagation attempt", lots of
attempts to attach to MS filesharing system, quite a few attempts at web
server and assorted other attacks - I was only on for a few hours yesterday.

I am running www.ipcop.org on a separate machine

Maximilian K. wrote:
Then there're "intrusion detection" systems.
We run one at work. In fact, UNIX group does.
What a load of ********. It always indicates we're under attack.

(When you cry wolf too often no one is to help when wolf is there...)

"Lek" wrote in message
news
the router will probably make logs.. you just need to find out how
to get to them


"zeebop" wrote in message
...
Hi,

I have an Alcatel Speedtouch 510 (4 port hub/router/adsl modem)

It has a built in firewall which seems to do a good job.

I was wondering how I would go about monitoring any malicious probes
against my IP. Is there some free software to do this?



  #9  
Old July 26th 03, 08:11 PM posted to uk.telecom.broadband
Martin Cooper
external usenet poster
 
Posts: 119
Default How to monitor attacks against my IP?

"Keith Roberts" wrote:

I have a firewall box at home that gives me reports of what traffic has been
trying to get to my network - I get loads of info all the time that the
Internet link is active.

The box is using Snort that logs details of what ports were scanned etc
etc - sometimes these are a result of visiting certain web pages that try to
assess your system. There are also a lot of scans of my system to attack my
web/SQL servers etc that I am not running - these are mostly automated
attacks. It is not ******** it just indicates that there are a lot of
compromised systems on the Internet that are being used to find and attack
systems that don't have up-to-date security patches applied.

If you attach a system to the Internet you will get attacked randomly just
to see if you are running anything that can be hacked easily.

Yesterday I had two scans for "MS-SQL Worm propagation attempt", lots of
attempts to attach to MS filesharing system, quite a few attempts at web
server and assorted other attacks - I was only on for a few hours yesterday.


I totally agree. The problem with an IDS is when people do not use it
correctly. Looking at every exploit rarely shows anything. I also use
snort, and have two sensors working, one on my external unfiltered
interface, the second on the inside of my firewall. I then have snort
insert all attack data into a mysql database on a different machine. This
machine runs an apache web server, and ACID (Analysis Console for Intrusion
Detection).

In combination, this allows me to see that my firewall is indeed blocking
the attacks I expect it to block by confirming that data picked up on the
external sensor never gets to the internal sensor. In addition, ACID allows
me to search for attacks from a unique IP address. In the case that a large
number of exploits are attempted in a fairly short space of time, I can then
conclude that those attacks are an attempt to hack my network. Only then
would I bother to contact the user's ISP and report the attack. Such attacks
have been fairly rare, but I have had to file about 5 abuse reports in the
last 6 months. However, this is getting a bit OT for this group.

--

Martin
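
The two-sensor comparison and the "many exploits from one address in a short time" rule described in post #9, together with the tuning argued for in post #7, sketched as an added example (not code from any poster, from Snort or from ACID). It parses Snort fast-format alert lines; the addresses, SIDs, thresholds and every alert message except the MS-SQL one quoted in the thread are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Snort "fast" alert line. It carries no year, so parse() assumes 2003.
ALERT = re.compile(
    r"(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d)\.\d+\s+\[\*\*\]\s+\[[\d:]+\]\s+(?P<msg>.*?)\s+\[\*\*\]"
    r".*?\{\w+\}\s+(?P<src>[\d.]+)(?::\d+)?\s+->\s+[\d.]+(?::(?P<dport>\d+))?")

def parse(lines):
    """Return (time, src, dport, msg) tuples; lines that do not match are skipped."""
    out = []
    for m in filter(None, map(ALERT.search, lines)):
        ts = datetime.strptime("2003/" + m["ts"], "%Y/%m/%d-%H:%M:%S")
        out.append((ts, m["src"], m["dport"], m["msg"]))
    return out

def leaked(external, internal, slack=timedelta(seconds=2)):
    """Outside-sensor alerts the inside sensor also saw, i.e. the firewall passed them."""
    # Destination IP is not compared: NAT rewrites it between the two sensors.
    return [e[1:] for e in external
            if any(e[1:] == i[1:] and abs(i[0] - e[0]) <= slack for i in internal)]

def burst_sources(alerts, min_sigs=3, window=timedelta(minutes=10)):
    """Sources that trip at least min_sigs distinct signatures within one window."""
    by_src = defaultdict(list)
    for ts, src, _dport, msg in sorted(alerts, key=lambda a: a[0]):
        by_src[src].append((ts, msg))
    flagged = {}
    for src, events in by_src.items():
        for start, _ in events:
            sigs = {msg for ts, msg in events if timedelta(0) <= ts - start <= window}
            if len(sigs) >= min_sigs:
                flagged[src] = sorted(sigs)
                break
    return flagged

# Constructed sample alerts: made-up SIDs/messages (MS-SQL message is from the thread).
FMT = "07/26-{}.000000  [**] [1:{}:1] {} [**] [Priority: 2] {{{}}} {}:4000 -> {}:{}"
line = FMT.format  # args: time, sid, msg, proto, src, dst, dport
EXTERNAL = [
    line("17:40:01", 1000001, "MS-SQL Worm propagation attempt", "UDP", "198.51.100.7", "192.0.2.10", 1434),
    line("17:41:10", 1000002, "Web server probe", "TCP", "203.0.113.9", "192.0.2.10", 80),
    line("17:42:30", 1000003, "File sharing connect", "TCP", "203.0.113.9", "192.0.2.10", 139),
    line("17:44:05", 1000004, "FTP login attempt", "TCP", "203.0.113.9", "192.0.2.10", 21),
]
INTERNAL = [line("17:41:10", 1000002, "Web server probe", "TCP", "203.0.113.9", "10.0.0.5", 80)]
print("passed the firewall:", leaked(parse(EXTERNAL), parse(INTERNAL)))
print("worth a closer look:", burst_sources(parse(EXTERNAL)))
```

The lone MS-SQL alert stays out of the report as background noise; `min_sigs` and `window` are the tuning knobs, and an empty `leaked()` result is the confirmation that nothing seen outside reached the inside sensor.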
 






All times are GMT +1.

