LinuxSecurity.com: Dsniff 'n the Mirror

"Network monitoring is critical to understanding network patterns, problems with congestion, intrusion detection, and just getting an overall picture of how resources are being used on your network. Being able to have numbers and graphs that show why upgrading to a T3 or multiple T1 lines is probably the number one method to get management to allocate funds for the upgrade. You can also detect which hosts or networks may be consuming a lot of bandwidth or which hosts or networks need higher bandwidth priority, for that matter. By monitoring your network you can detect the source of congestions by looking for hosts that are streaming video and audio or downloading large files, etc.. You can also determine if current firewall rules or router rules are misconfigured. You can keep a trace of all network traffic coming in and going out of your network. If a server is having trouble accessing the internet you can easily check to see if the problem is on your end or the other network it is trying to access. Also, network monitoring gives you the ability to monitor for network intrusion attempts. Many tools exist, commercial and free, that allows you to do this. There is an excellent up and coming tool called "hogwash " that will kill connections to known attacks before it has a chance to touch the server on your network it was intended. This program is based on known attack patterns and does a great job at thwarting those attacks. The tools mentioned in this paper are all free and most are under the GNU license..."

Complete Story

Related Stories:

• VNU Net: Researchers develop SSH cracker (Aug 23, 2001)
• Net-Security.org: Installation of a Secure Web Server(Jul 28, 2001)
• Linux Journal: Your Network's Secret Life, Part 3(Jul 05, 2001)
• Linux Journal: Your Network's Secret Life, Part 2(Jun 10, 2001)