From: Javier
Date: Thu Oct 24 2002 - 12:28:29 GMT-3
Hola
Put an IDS (snort or CSIDS) on the inside, configured correctly,
it will be able to pickup attacks "from" your users to the outside
No impact to the pix or server....
Regards
--- Sam Munzani <sam@munzani.com> escribis: > Group,
>
> I have PIX setup with PAT. Hiding 15000+ stations behind a few IP. We are
> getting complains from some web sites that somebody from our network tried
> to hack their server. Since it's PAT, all they can give us was Date/Time
> when our IP tried to hack their server.
>
> Sysloging Informational messages to a syslog server could give me enough
> data to trace this hacker in my internal network. However for 25000+
> connections it's a big overhead on PIX and syslog server.
>
> Does anybody have a better idea to trace it? Any ideas would be greately
> appreciated.
>
> Thanks,
> Sam
>
=====
--- Javier Contreras Albesa
This archive was generated by hypermail 2.1.4 : Tue Nov 05 2002 - 08:35:56 GMT-3