Tool To Monitor / View Firewall Attacks?

Support section for FREESCO v0.3.x 3rd Party Packages

Post by markmcjr » Sun Feb 15, 2009 11:39 pm

Is there a tool that I can use to view / monitor any attacks on the firewall?

What are the must have tools / addons for the security conscious?
Regards,
Mark

-------------------------
www.mytruetech.com

Great technology makes people successful; Great people make technology successful. - MM
markmcjr
Newbie
 
Posts: 23
Joined: Sat Aug 03, 2002 3:41 pm

Post by Lightning » Mon Feb 16, 2009 12:04 am

The default system does a pretty good job of blocking any outside attacks. But if you are after even more than that you can install the "snort" package which has extended intrusion detection and blocking capabilities. It does however take some monitoring because it WILL end up blocking sites that you don't want blocked. Such as if you do something like run a port scan from grc.com they will end up blocked automatically and you will have to unblock them manually.
If you are afraid that you might make a mistake. The chances are high that you will never learn anything.
Lightning
FREESCO GOD !!
 
Posts: 3045
Joined: Wed Nov 14, 2001 6:50 am
Location: Oregon, USA

Post by markmcjr » Fri Feb 20, 2009 6:03 pm

Agreed. However, are there any GUI tools that can tell me what is being blocked, and if there were any attacks?

I have installed darkstat and iptotal, but they really don't provide that information.

I would like to have a better idea of what is going on with the traffic on the firewall.
Regards,
Mark

Post by Lightning » Fri Feb 20, 2009 10:31 pm

Hmmm well the snort package does have a full set of control panel addons that will display all of the alert logs for the firewall and it will show you all of the IPs that it has blocked as well. There are also other things that can be done to monitor the firewall with respect to filtering the main logs which can be done with just some minor scripting and there may even be a package to do it around somewhere. But I do not remember whether that was just something discussed a long while back or if it ever became a package. The simplest way is just to turn off the non-essential logging and just leave the firewall logging enabled. That way firewall logs are mostly all that are in the messages file. You then can save the logs for reference. You also could change the syslog.conf syslog.cfg file and have it sort out the firewall logs automatically so that they are in a separate file. But none of these things are built into a GUI type of interface and require you to get your hands a little dirty to make the system do what you want. Which is exactly what FREESCO is designed to be capable of doing without a degree in computer science.

Everyone on this forum will usually help if we know exactly what you are after. Because a general idea of watching the firewall to see what it is doing is pretty vague.
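
The "minor scripting" approach to filtering the main logs mentioned in the post above, as an added example that is not part of the original thread or of FREESCO itself. It assumes the firewall entries in the saved messages file use the Linux 2.0 kernel (ipfwadm) log layout shown in the comment, and that `awk` and `sort` are available where the logs are read; the function names and sample lines are constructed for illustration.

```shell
#!/bin/sh
# ASSUMPTION: firewall lines in the messages file look like
#   <date> <host> kernel: IP fw-in deny eth0 TCP SRC:SPORT DST:DPORT L=.. S=.. I=.. F=.. T=..
# Adjust the field matching if your own log lines differ.

# Constructed sample input (documentation addresses, not real traffic).
sample_log() {
cat <<'EOF'
Feb 20 18:01:02 router kernel: IP fw-in deny eth0 TCP 203.0.113.7:4312 198.51.100.2:23 L=44 S=0x00 I=1201 F=0x0000 T=52
Feb 20 18:01:03 router kernel: IP fw-in deny eth0 TCP 203.0.113.7:4313 198.51.100.2:25 L=44 S=0x00 I=1202 F=0x0000 T=52
Feb 20 18:01:04 router kernel: IP fw-in deny eth0 TCP 203.0.113.7:4314 198.51.100.2:80 L=44 S=0x00 I=1203 F=0x0000 T=52
Feb 20 18:02:10 router dhcpd: DHCPACK on 192.168.1.10
Feb 20 18:05:41 router kernel: IP fw-in deny eth0 UDP 192.0.2.44:1900 198.51.100.2:137 L=78 S=0x00 I=77 F=0x0000 T=110
Feb 20 18:05:49 router kernel: IP fw-in acc eth0 TCP 192.0.2.9:5000 198.51.100.2:22 L=60 S=0x00 I=9 F=0x4000 T=60
EOF
}

# fw_denied [FILE...]: print "SRC PROTO DPORT" for every denied or rejected
# inbound packet; all other log lines are ignored. Reads stdin if no file.
fw_denied() {
    awk '{
        for (i = 1; i <= NF; i++)
            if ($i == "fw-in" && $(i-1) == "IP" && ($(i+1) == "deny" || $(i+1) == "rej")) {
                proto = $(i+3); src = $(i+4); dst = $(i+5)
                sub(/:.*/, "", src)              # drop the source port
                n = split(dst, d, ":")
                port = (n == 2) ? d[2] : "-"     # "-" when no port is logged
                print src, proto, port
            }
    }' "$@"
}

# fw_top [FILE...]: blocked-packet count per source address, busiest first.
fw_top() {
    fw_denied "$@" | awk '{ c[$1]++ } END { for (s in c) print c[s], s }' |
        sort -k1,1nr -k2,2
}

# fw_scanners MIN [FILE...]: sources blocked on at least MIN distinct
# protocol/port pairs, which is what a port scan looks like in these logs.
fw_scanners() {
    min=$1; shift
    fw_denied "$@" | sort -u |
        awk -v min="$min" '{ p[$1]++ } END { for (s in p) if (p[s] >= min) print s, p[s] }' |
        sort
}

sample_log | fw_top          # run against the constructed sample
sample_log | fw_scanners 3
```

To use it on real data, pass the saved log instead of the sample, for example `fw_top messages.saved`.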

