From: Murali Raju (protocoljunkie@gmail.com)
Date: Tue Nov 29 2005 - 09:28:55 EST
Analysis should not stop or even start with just a protocol anaylzer(say Ethereal). You can apply NSM (Network Security Monitoring)principles using a reference implementation like SGUIL(http://www.sguil.net) for a more robust architecture. To get an idea/ example take a look at Structured Traffic Analysis available as aPDF here:
http://www.insecuremagazine.com/INSECURE-Mag-4.pdf
and NSM
http://www.taosecurity.com/nsm_ws_aost.pdf
Cheers,
_Raju
On 11/28/05, Nabeel S. Alzahrani(نبيل الزهراني) <nalzahrani@gosi.gov.sa> wrote:> Dear All,>> Is there any tool/method that allow me to detect the IPs of users who are using IM (Instant Messaging i.e. MSN messenger, Yahoo messenger, ICQ, etc) and P2P (Peer-2-Peer programs such Kazaa) in our network?>> Thanks>>> ------------------------------------------------------------------------------> Audit your website security with Acunetix Web Vulnerability Scanner:>> Hackers are concentrating their efforts on attacking applications on your> website. Up to 75% of cyber attacks are launched on shopping carts, forms,> login pages, dynamic content etc. Firewalls, SSL and locked-down servers are> futile against web application hacking. Check your website for vulnerabilities> to SQL injection, Cross site scripting and other web attacks before hackers do!> Download Trial at:>> http://www.securityfocus.com/sponsor/pen-test_050831> ------------------------------------------------------------------------------->>
--May the packets be with you.
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:55:12 EDT