RE: Packet Payload

From: Hirsch, Adam (Adam.Hirsch@dresdnerkleinwort.com)
Date: Tue Aug 29 2006 - 13:53:05 EDT


 
Oops, I gave the wrong name of the vendor that sells those traffic
anomaly products (with Layer 7 inspection). The correct company is Mazu
Networks, not Reconnex.

Adam

On 8/29/06, Hirsch, Adam <Adam.Hirsch@dresdnerkleinwort.com> wrote:
> What you seem to be looking for already exists. A traffic anomaly
> analyzer that is able to inspect traffic up to Layer 7. Check out a
> product called Reconnex. This may do what you are looking for.
>
> You may run into confidentiality and privacy issues if you start
> capturing actual packet payloads. You may want to talk to your legal
> and HR departments before doing this.
>
> -Adam
>
>
>
> -----Original Message-----
> From: xelerated [mailto:xelerated@gmail.com]
> Sent: Tuesday, August 29, 2006 9:32 AM
> To: pen-test@securityfocus.com
> Subject: Packet Payload
>
> I'm posting this to the pen-test group, rather than firewall or IDS
> because it covers many areas.
>
> I'd like to see what the pros think about capturing and storing packet
> payloads from firewalls, IDS, etc... everything rather than just
> logging the incidents.
>
> I'm trying to explain to my management how useful the payloads could be
> if we were ever to really need them, say from a forensics point of
> view.
> To give another example, one time I was seeing lots of firewall drops,
> I could tell what ports, src and dest. but no packet data. To everyone
> involved it looked like a worm trying to spread.
> Well in the end it wasn't, in fact it was something that was nice to
> know about, but it was not hostile traffic. But if I had been able to
> see the payloads I could have seen the data request and known from the
> start what it was, or was not.
>
> What would be really great, is a whitepaper covering this, or enough
> info/facts that I could throw one together.
>
> thanks!
> Chris
>
> C|EH, CISSP
>



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:56:52 EDT