From: Brian Dennis (brian@5g.net)
Date: Thu Oct 24 2002 - 12:17:03 GMT-3
If you have a router behind the PIX you can put an access-list in that
will log when someone goes to that particular website.
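! Log (and permit) web traffic to the site that complained
access-list 100 permit tcp any host 198.133.219.25 eq 80 log
access-list 100 permit ip any any
! Apply outbound toward the PIX, where inside hosts still have their real addresses
int fa0/0
 description Interface to PIX
 ip access-group 100 out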
Another option would be to just not allow anyone to get to that
website and see who complains. Let them come to you ;-)
Brian Dennis, CCIE #2210 (R&S/ISP Dial)
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of Sam Munzani
Sent: Wednesday, October 23, 2002 12:43 PM
To: ccielab@groupstudy.com
Cc: cciesecurity@yahoogroups.com
Subject: PIX Question
Group,
I have a PIX set up with PAT, hiding 15000+ stations behind a few IPs.
We are getting complaints from some web sites that somebody from our
network tried to hack their server. Since it's PAT, all they could give
us was the date/time when our IP tried to hack their server.
Syslogging informational messages to a syslog server could give me
enough data to trace this hacker in my internal network. However, for
25000+ connections it's a big overhead on the PIX and the syslog server.
Does anybody have a better idea to trace it? Any ideas would be greatly
appreciated.
Thanks,
Sam
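Added example, not part of the original thread or written by either poster: a short Python script that takes the router's ACL 100 log hits (which show pre-PAT inside addresses) and lists the internal sources that reached the reported site around the date/time given in a complaint. The syslog line layout, the host name rtr1, the inside addresses and the complaint time are constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed sample of lines as a syslog server might store them for the
# router ACL above (host name and inside addresses are made up).
SAMPLE_LOG = """\
Oct 23 12:31:02 rtr1 101: %SEC-6-IPACCESSLOGP: list 100 permitted tcp 10.20.4.17(3312) -> 198.133.219.25(80), 1 packet
Oct 23 12:41:55 rtr1 102: %SEC-6-IPACCESSLOGP: list 100 permitted tcp 10.31.9.201(1188) -> 198.133.219.25(80), 1 packet
Oct 23 12:42:40 rtr1 103: %SEC-6-IPACCESSLOGP: list 100 permitted tcp 10.31.9.201(1190) -> 198.133.219.25(80), 4 packets
Oct 23 12:43:10 rtr1 104: %SEC-6-IPACCESSLOGP: list 100 permitted tcp 10.20.4.17(3320) -> 198.133.219.26(80), 1 packet
Oct 23 12:59:30 rtr1 105: %SEC-6-IPACCESSLOGP: list 100 permitted tcp 10.44.0.8(2201) -> 198.133.219.25(80), 2 packets
Oct 23 13:00:00 rtr1 106: %LINK-3-UPDOWN: Interface FastEthernet0/1, changed state to up
"""

ACL_HIT = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) .*%SEC-6-IPACCESSLOGP: list (?P<acl>\S+) "
    r"permitted tcp (?P<src>[\d.]+)\((?P<sport>\d+)\) -> "
    r"(?P<dst>[\d.]+)\((?P<dport>\d+)\), (?P<pkts>\d+) packets?")

def candidates(log_text, dst_ip, reported, window_min=5, year=2002, acl="100"):
    """Return {internal_src: packet_count} for ACL hits to dst_ip:80 within
    +/- window_min minutes of the time the remote site reported."""
    lo = reported - timedelta(minutes=window_min)
    hi = reported + timedelta(minutes=window_min)
    hits = {}
    for line in log_text.splitlines():
        m = ACL_HIT.match(line)
        if not m or m["acl"] != acl or m["dst"] != dst_ip or m["dport"] != "80":
            continue
        # Classic syslog timestamps carry no year, so the caller supplies it.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        if lo <= ts <= hi:
            hits[m["src"]] = hits.get(m["src"], 0) + int(m["pkts"])
    return hits

if __name__ == "__main__":
    reported = datetime(2002, 10, 23, 12, 43)  # constructed complaint time
    for src, pkts in sorted(candidates(SAMPLE_LOG, "198.133.219.25", reported).items()):
        print(f"{src}\t{pkts} packets")
```

IOS logs the first matching packet immediately and then summarizes further matches at intervals, so the window should be at least a few minutes wide, and the router, syslog server and complaining site need comparable clocks for the match to mean anything.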