From: Albert Lu (albert_lu@optushome.com.au)
Date: Thu Oct 24 2002 - 13:47:33 GMT-3
Brian,
Correct me if I'm wrong, but from my experience access-list logging doesn't
always catch all matches. Do you remember what restrictions it has?
Regards,
Albert
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
Brian Dennis
Sent: Friday, October 25, 2002 1:17 AM
To: 'Sam Munzani'; ccielab@groupstudy.com
Cc: cciesecurity@yahoogroups.com
Subject: RE: PIX Question
If you have a router behind the PIX you can put an access-list in that
will log when someone goes to that particular website.
access-list 100 permit tcp any host 198.133.219.25 eq 80 log
access-list 100 permit ip any any
int fa0/0
 description Interface to PIX
 ip access-group 100 out
Another option would be to just not allow anyone to get to that
website and see who complains. Let them come to you ;-)
Brian Dennis, CCIE #2210 (R&S/ISP Dial)
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Sam Munzani
Sent: Wednesday, October 23, 2002 12:43 PM
To: ccielab@groupstudy.com
Cc: cciesecurity@yahoogroups.com
Subject: PIX Question
Group,
I have a PIX set up with PAT, hiding 15000+ stations behind a few IPs.
We are getting complaints from some web sites that somebody from our
network tried to hack their server. Since it's PAT, all they can give us
was the date/time when our IP tried to hack their server.
Syslogging informational messages to a syslog server could give me
enough data to trace this hacker in my internal network. However, for
25000+ connections it's a big overhead on the PIX and syslog server.
Does anybody have a better idea to trace it? Any ideas would be greatly
appreciated.
Thanks,
Sam
This archive was generated by hypermail 2.1.4 : Tue Nov 05 2002 - 08:35:56 GMT-3
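The following is an added example, not part of the original thread: a Python sketch that takes the syslog output produced by an ACL `log` entry like the one Brian posted and lists which inside addresses hit the reported destination around the date/time supplied by the remote site. The log lines, the hostname `rtr1`, the inside addresses, and the 5-minute slack (an assumed allowance for clock skew and for IOS summarising repeat matches into later "N packets" lines) are all constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample syslog lines (not from the thread); the hostname "rtr1"
# and the 10.x source addresses are made up for illustration.
SAMPLE_LOG = """\
Oct 23 12:38:02 rtr1 101: %SEC-6-IPACCESSLOGP: list 100 permitted tcp 10.20.3.7(3412) -> 198.133.219.25(80), 1 packet
Oct 23 12:41:15 rtr1 102: %SEC-6-IPACCESSLOGP: list 100 permitted tcp 10.31.8.44(1190) -> 198.133.219.25(80), 1 packet
Oct 23 12:43:02 rtr1 103: %SEC-6-IPACCESSLOGP: list 100 permitted tcp 10.20.3.7(3412) -> 198.133.219.25(80), 37 packets
Oct 23 12:44:30 rtr1 104: %LINK-3-UPDOWN: Interface FastEthernet0/1, changed state to up
Oct 23 14:02:11 rtr1 105: %SEC-6-IPACCESSLOGP: list 100 permitted tcp 10.9.9.9(2001) -> 198.133.219.25(80), 1 packet
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s.*?%SEC-6-IPACCESSLOGP: "
    r"list (?P<acl>\S+) (?P<action>permitted|denied) (?P<proto>\w+) "
    r"(?P<src>[\d.]+)\((?P<sport>\d+)\) -> "
    r"(?P<dst>[\d.]+)\((?P<dport>\d+)\), (?P<count>\d+) packets?"
)

def parse(log_text, year):
    """Yield one dict per ACL log line; other syslog lines are skipped."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        rec = m.groupdict()
        # Classic syslog timestamps carry no year, so the caller supplies it.
        rec["time"] = datetime.strptime(f"{year} {rec['ts']}", "%Y %b %d %H:%M:%S")
        rec["count"] = int(rec["count"])
        yield rec

def suspects(log_text, year, dst, reported, slack_minutes=5):
    """Return {inside_src: total_packets} for hits on dst near `reported`."""
    window = timedelta(minutes=slack_minutes)
    hits = defaultdict(int)
    for rec in parse(log_text, year):
        if rec["dst"] == dst and abs(rec["time"] - reported) <= window:
            hits[rec["src"]] += rec["count"]  # summary lines add their count
    return dict(hits)

if __name__ == "__main__":
    when = datetime(2002, 10, 23, 12, 40)  # constructed "reported" time
    found = suspects(SAMPLE_LOG, 2002, "198.133.219.25", when)
    for src, pkts in sorted(found.items()):
        print(f"{src}\t{pkts} packets")
```

Because the ACL sits on a router behind the PIX, the source addresses in these lines are the pre-PAT inside addresses, which is what makes the correlation possible.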