SUMMARY: TCP/IP Traffic Monitor & Firewall

From: Katz_L <KatzL_at_msgate.gseps.com>
Date: Wed, 28 Jun 95 17:11:00 PDT

Here's the original request followed by the responses. All of the
suggestions were right on the money- Thanks to everyone who responded.-
Larry

 ----------------------------

From: Katz_L
To: alpha-osf-managers
Cc: Taccone_D
Subject: TCP/IP Traffic Monitor & Firewall
Date: Tuesday, June 27, 1995 10:03AM


hello alpha-osf-managers-

We're using our OSF 3.0 box as a gateway for WEB, Telnet, and FTP.
Does anyone know if there is a TCP/IP network activity program for OSF
that can tell us when a connection starts, source address, target address, &
protocol? We used to easily get that kind of info from our dialup
Morningstar router, but now we're using a Cisco 2514 for frame relay which
does not seem to have this kind of logging. Some sample output:

21-jun-95 09:34 204.241.70.1 -> 128.92.92.1 UDP
21-jun-95 09:34 204.241.70.1 -> 38.8.8.6 ICMP
21-jun-95 09:36 204.241.70.1 <- 192.34.54.5 SMTP

Also, on a related topic, is there any OSF firewall software available that
can allow users to WEB, Telnet, Ping and FTP from their PCs. For security
reasons, the Cisco router only allows traffic from the OSF box onto the
Internet and users now do these functions directly from the OSF box.

Thanks in advance.

          Larry Katz
          GSE Process Solutions
          Hunt Valley, MD.

 ---------------------------------------


If you get the 'TIS' firewall toolkit (see http://www.tis.com/) you can
build this on OSF1 and the IP filtering software will provide you with the
kind of detailed logging you are looking for. This is a proxy server
which means that your users ftp sessions will have to go via the firewall
and thus the firewall is not transparent except for those applications
that are 'proxy aware'.

This is just one idea, there are other ways to cook this goose.

*********************************************************************************

Keith S McCabe email:
Keith.McCabe_at_ranplc.co.uk
Unix System Administrator phone: +44 (0)171 374 4841
Rolfe & Nolan fax: +44 (0)171 374 0732
1/9 City Road
London EC1Y 1AA

*********************************************************************************
___________

Regarding connection logging software, I'd highly recommend
the "tcp wrapper" program which can be found at ftp.cert.org
in /pub/tools/tcp_wrappers.
                                Kennedy Lemke
                                Computer Systems Manager
                                UNIX && TCP/IP Network administrator
                                Postmaster && News administrator
                                Matsushita Information Technology Laboratory
                                Panasonic Technologies, Inc.
                                2 Research Way
Work Phone: (609) 734-7329 Princeton, New Jersey 08540-6628
Fax: (609) 987-8827 Email: lemke_at_Research.Panasonic.COM


___________________


The tcpdump utility can do this fairly easily. See "man tcpdump" for
the grotty details, but here's the important part:

] To print the start and end packets (the SYN and FIN packets) of each TCP
] conversation that involves a nonlocal host:
]
] tcpdump 'tcp[13] & 3 != 0 and not src and dst net localnet'

> Also, on a related topic, is there any OSF firewall software
> available that can allow users to WEB, Telnet, Ping and FTP from
> their PCs. For security reasons, the Cisco router only allows
> traffic from the OSF box onto the Internet and users now do these
> functions directly from the OSF box.

You want a proxy agent running on the OSF machine, then. I'd start by
looking at socks, or the proxy agent parts of the TIS toolkit.
They're pretty portable.

Ross Alexander, ve6pdq -- (403) 675 6311 -- rwa_at_cs.athabascau.ca
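Added example, not part of the original thread or of tcpdump itself: a small Python script that applies the same two tests as the tcpdump expression quoted above (`tcp[13] & 3 != 0`, i.e. SYN or FIN set, and `not src and dst net localnet`) to constructed IPv4/TCP packets and renders the matches in the log format Larry asked for. The local network (204.241.70.0/24), the port-to-service table and the sample packets are all assumptions made for the example.

```python
"""
Connection start/end logger in the style of the tcpdump filter
    tcp[13] & 3 != 0 and not src and dst net localnet
Byte 13 of the TCP header is the flags byte; bit 0 is FIN, bit 1 is SYN.
All packets below are constructed for the example, not captured traffic.
"""
import struct
import ipaddress
from datetime import datetime

# Assumed local network, standing in for 'localnet' in the tcpdump expression.
LOCALNET = ipaddress.ip_network("204.241.70.0/24")

PROTO_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP"}
TCP_PORT_NAMES = {21: "FTP", 23: "TELNET", 25: "SMTP", 80: "HTTP"}  # assumed table

FIN = 0x01
SYN = 0x02
ACK = 0x10


def build_ipv4(src, dst, proto, payload):
    """Constructed IPv4 header (20 bytes, no options) followed by payload."""
    total_len = 20 + len(payload)
    hdr = struct.pack("!BBHHHBBH4s4s",
                      0x45, 0, total_len, 0, 0, 64, proto, 0,
                      ipaddress.ip_address(src).packed,
                      ipaddress.ip_address(dst).packed)
    return hdr + payload


def build_tcp(sport, dport, flags):
    """Constructed TCP header (20 bytes); byte 13 carries the flags."""
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 8192, 0, 0)


def parse_packet(raw):
    """Pull src, dst, protocol and the transport header out of an IPv4 packet."""
    ihl = (raw[0] & 0x0F) * 4
    proto = raw[9]
    src = str(ipaddress.ip_address(raw[12:16]))
    dst = str(ipaddress.ip_address(raw[16:20]))
    return src, dst, proto, raw[ihl:]


def is_interesting(src, dst, proto, l4):
    """The two tests the tcpdump expression applies."""
    # tcp[13] & 3 != 0: a TCP segment with SYN or FIN set (either direction,
    # so a SYN/ACK from the remote end matches too; test SYN-without-ACK if
    # only the initiating packet is wanted).
    if proto != 6 or len(l4) < 14 or (l4[13] & (SYN | FIN)) == 0:
        return False
    # not (src net localnet and dst net localnet): skip purely local traffic.
    both_local = (ipaddress.ip_address(src) in LOCALNET
                  and ipaddress.ip_address(dst) in LOCALNET)
    return not both_local


def format_line(ts, src, dst, proto, l4):
    """Render as '<time> <local> -> <remote> <service> start|end'."""
    label = PROTO_NAMES.get(proto, str(proto))
    if proto == 6:
        sport, dport = struct.unpack("!HH", l4[0:4])
        label = TCP_PORT_NAMES.get(dport) or TCP_PORT_NAMES.get(sport) or "TCP"
    phase = "end" if l4[13] & FIN else "start"
    # Local host on the left; arrow shows packet direction like the sample output.
    if ipaddress.ip_address(src) in LOCALNET:
        return f"{ts} {src} -> {dst} {label} {phase}"
    return f"{ts} {dst} <- {src} {label} {phase}"


def log_connections(packets):
    """Return the log lines for every (timestamp, raw_packet) pair that matches."""
    lines = []
    for ts, raw in packets:
        fields = parse_packet(raw)
        if is_interesting(*fields):
            lines.append(format_line(ts, *fields))
    return lines


def stamp(y, mo, d, h, mi):
    return datetime(y, mo, d, h, mi).strftime("%d-%b-%y %H:%M").lower()


# Constructed sample traffic: one outbound HTTP session (SYN, ACK, FIN),
# one local-to-local telnet SYN, one outbound UDP datagram, one inbound SMTP SYN.
SAMPLE_PACKETS = [
    (stamp(1995, 6, 21, 9, 34), build_ipv4("204.241.70.1", "128.92.92.1", 6, build_tcp(1025, 80, SYN))),
    (stamp(1995, 6, 21, 9, 34), build_ipv4("204.241.70.1", "128.92.92.1", 6, build_tcp(1025, 80, ACK))),
    (stamp(1995, 6, 21, 9, 35), build_ipv4("204.241.70.1", "204.241.70.9", 6, build_tcp(1026, 23, SYN))),
    (stamp(1995, 6, 21, 9, 35), build_ipv4("204.241.70.1", "38.8.8.6", 17, b"\x00" * 8)),
    (stamp(1995, 6, 21, 9, 36), build_ipv4("192.34.54.5", "204.241.70.1", 6, build_tcp(2000, 25, SYN))),
    (stamp(1995, 6, 21, 9, 40), build_ipv4("204.241.70.1", "128.92.92.1", 6, build_tcp(1025, 80, FIN | ACK))),
]

if __name__ == "__main__":
    for line in log_connections(SAMPLE_PACKETS):
        print(line)
```

Only three of the six constructed packets survive the filter: the ACK-only segment has neither SYN nor FIN, the telnet SYN has both ends on the local net, and the UDP datagram is not TCP at all. Substituting a real capture source for `SAMPLE_PACKETS` is the only change needed to turn this into a live logger.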

________________


Something like NNstat or tcpdump will do the first of your questions.
tcpdump is shipped with the O/S, while NNstat should be available on
gatekeeper.dec.com. For both, you will need to specify filters to get
the information you require, but it's perfectly do-able.

For the second, look at a couple of packages called 'sockd' and the
TIS 'fwtk'. The second is available from ftp.tis.com, the first should
be available (or a pointer to it should be there) on coast.cs.purdue.edu

Anthony

__________
Yes, Digital sells a total Firewall Solution that uses proxy daemons so
that pc's can do these functions. If you would like to talk further
about this, please send me mail on dll_at_csc.cxo.dec.com

Dan Lowry
Network Security and Technology Consulting
Digital Equipment Corporation
Internal home page is http://bullwinkle.csc.cxo.dec.com/lowry.html
tsc::dll (internal decnet mail)

____________

If by PC you mean to include Macintosh, then the answer is "yes". There
is a full implementation of the SOCKS firewall available for Macintosh.
See the Info-Mac HyperArchive at M.I.T., URL:
http://hyperarchive.lcs.mit.edu/HyperArchive.html

Marc Kenig
InterServe Communications


______________

Check out the TIS firewall toolkit, available from "ftp.tis.com" (at least
it was the last time I was logged into the ftp server). I think it can do
everything you want, and more. Best of all, it's freeware!

Good luck.

Bob
haskins_at_myapc.com
Received on Wed Jun 28 1995 - 23:56:22 NZST

This archive was generated by hypermail 2.4.0 : Wed Nov 08 2023 - 11:53:45 NZDT