From: Sam Munzani (sam@munzani.com)
Date: Wed Oct 23 2002 - 16:42:56 GMT-3
Group,
I have PIX setup with PAT. Hiding 15000+ stations behind a few IP. We are
getting complains from some web sites that somebody from our network tried to
hack their server. Since it's PAT, all they can give us was Date/Time when our
IP tried to hack their server.
Sysloging Informational messages to a syslog server could give me enough data
to trace this hacker in my internal network. However for 25000+ connections
it's a big overhead on PIX and syslog server.
Does anybody have a better idea to trace it? Any ideas would be greately
appreciated.
Thanks,
Sam
This archive was generated by hypermail 2.1.4 : Tue Nov 05 2002 - 08:35:55 GMT-3