Linux Today: Linux News On Internet Time.

LinuxSecurity.com: Dsniff 'n the Mirror

Apr 02, 2002, 01:00
(Other stories by Patrick)

"Network monitoring is critical to understanding network patterns, problems with congestion, intrusion detection, and just getting an overall picture of how resources are being used on your network. Being able to have numbers and graphs that show why upgrading to a T3 or multiple T1 lines is probably the number one method to get management to allocate funds for the upgrade. You can also detect which hosts or networks may be consuming a lot of bandwidth or which hosts or networks need higher bandwidth priority, for that matter. By monitoring your network you can detect the source of congestion by looking for hosts that are streaming video and audio or downloading large files, etc. You can also determine if current firewall rules or router rules are misconfigured. You can keep a trace of all network traffic coming in and going out of your network. If a server is having trouble accessing the internet you can easily check to see if the problem is on your end or the other network it is trying to access. Also, network monitoring gives you the ability to monitor for network intrusion attempts. Many tools exist, commercial and free, that allow you to do this. There is an excellent up-and-coming tool called 'hogwash' that will kill connections to known attacks before it has a chance to touch the server on your network it was intended for. This program is based on known attack patterns and does a great job at thwarting those attacks. The tools mentioned in this paper are all free and most are under the GNU license..."
