
Monitoring/Intrusion Detection 1

Status
Not open for further replies.

awreneau

Technical User
Mar 26, 2003
98
US
I have recently inherited a network of about 150 users that run 98 all the way thru to XP. I'm in the process of eliminating the 98 machines and migrating to XP.

My dilemma is this: the current structure isn't favorable and I have a lot of work to do in order to bring the state of the network back to what I would call acceptable, however I have to do this on a tiny budget.

Wondering if someone could tell me of some software that would check the network for "junk". I found a few machines that are infected w/ viruses and I'm eliminating those by installing AV across the board. Most users are set up as local admins so they can install anything and I think, from what I can gather, that there is surplus traffic on the network. Identifying the source and the intended purpose of that traffic is what I'd like some suggestions for.

I'm interested in Open Source solutions as I'm familiar w/ linux.

I do not manage the switches or routers so I can't use those devices for any "clues".

Thanks

WR
 
Download Snort, get you an old box that you don't use for anything, put two NICs in it, and you're good to go. There's tons of documentation online to help you get it set up and running. If you don't have any luck, come back and post here.

CISSP,ISC2 Affiliate & Instructor, MCT, MCSE2K/2K3, MCSA, CEH, Security+, Network+, CTT+, A+
 
KEWL!

I've been looking at snort since I made this post. Looks like a solution made for my problem.

Thanks!
 
As for figuring out what's out on your network, I would recommend installing NTop. NTop will analyze your traffic by ip, protocol, throughput, local/remote, and other options. You will need a hub or spanned port on your switch where the NTop box will be able to 'hear' all the traffic.

Ethereal is also invaluable, but it sounds like a little more info on the traffic than necessary.
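As an added illustration of the kind of view NTop gives (per-IP, per-protocol, local vs. remote), and not code from the thread or from NTop itself: the script below aggregates a small constructed set of flow records, the sort of thing a sniffer box on a spanned port or hub would collect, and ranks hosts by bytes sent and by how much of their traffic leaves the site. The local address range and the sample flows are assumptions made up for the example.

```python
"""Summarise traffic by source host, protocol/port and local-vs-remote destination.

Added example, not from the thread or from NTop. Assumes flow records have
already been captured (e.g. on a box plugged into a spanned port or hub) and
uses a constructed sample to show the per-IP / per-protocol / local-vs-remote
breakdown the NTop recommendation describes.
"""
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed sample flows: (src_ip, dst_ip, protocol, dst_port, bytes)
SAMPLE_FLOWS = [
    ("192.168.1.10", "192.168.1.5", "tcp", 445, 12_000),
    ("192.168.1.10", "203.0.113.7", "tcp", 8000, 350_000),
    ("192.168.1.10", "203.0.113.7", "tcp", 8000, 420_000),
    ("192.168.1.22", "192.168.1.5", "tcp", 139, 8_000),
    ("192.168.1.22", "198.51.100.9", "udp", 53, 400),
    ("192.168.1.31", "192.168.1.255", "udp", 137, 2_000),
    ("192.168.1.31", "192.168.1.255", "udp", 137, 2_000),
    ("192.168.1.40", "192.168.1.5", "tcp", 445, 9_500),
]

# Assumed site range; anything outside it counts as "remote".
LOCAL_NETS = [ip_network("192.168.1.0/24")]


def is_local(ip):
    """True when the address falls inside one of the configured local ranges."""
    addr = ip_address(ip)
    return any(addr in net for net in LOCAL_NETS)


def summarise(flows):
    """Aggregate bytes per source host: total, local vs remote, and per protocol/port."""
    per_host = defaultdict(
        lambda: {"total": 0, "local": 0, "remote": 0, "services": defaultdict(int)}
    )
    for src, dst, proto, dport, nbytes in flows:
        entry = per_host[src]
        entry["total"] += nbytes
        entry["local" if is_local(dst) else "remote"] += nbytes
        entry["services"][f"{proto}/{dport}"] += nbytes
    return per_host


def top_talkers(flows, n=3):
    """Return the n source hosts with the most bytes sent, highest first."""
    per_host = summarise(flows)
    ranked = sorted(per_host.items(), key=lambda kv: kv[1]["total"], reverse=True)
    return [(host, entry["total"]) for host, entry in ranked[:n]]


def remote_heavy_hosts(flows, threshold=0.5):
    """Hosts sending more than `threshold` of their bytes off-site.

    On a LAN that is mostly file/print traffic, these are the first machines
    to look at when trying to explain unexpected traffic.
    """
    result = []
    for host, entry in summarise(flows).items():
        if entry["total"] and entry["remote"] / entry["total"] > threshold:
            result.append(host)
    return sorted(result)


if __name__ == "__main__":
    stats = summarise(SAMPLE_FLOWS)
    for host, total in top_talkers(SAMPLE_FLOWS):
        entry = stats[host]
        services = ", ".join(
            f"{svc}={b}" for svc, b in sorted(entry["services"].items(), key=lambda kv: -kv[1])
        )
        print(f"{host}: {total} bytes (local {entry['local']}, remote {entry['remote']}) {services}")
    print("remote-heavy hosts:", remote_heavy_hosts(SAMPLE_FLOWS))
```

Run it as-is to see the ranking for the constructed sample; in practice the flow list would come from a capture on the sniffer box, and the local range would be the site's own subnet(s).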
 
Thanks for the input. I've also come across a mashed-up solution named OSSIM.
From what I've seen so far it compiles a lot of OS software into one tool.

Thanks
 