PCBUILD Archives

Personal Computer Hardware discussion List

PCBUILD@LISTSERV.ICORS.ORG

From: Dave Gillett
Reply To: PCBUILD - Personal Computer Hardware discussion List
Date: Fri, 5 Jan 2001 02:57:34 -0800

On 4 Jan 01, at 22:06, John Sproule wrote:

> Hello all,
>
> I was wondering if someone could recommend software for monitoring
> malicious attempts to connect to my computer.  I'm actually more
> interested in identifying and logging attacks that I think would be
> considered denial of service attacks, rather than just port scans.
> I play some online computer games, and it is not that unusual to
> find myself crashed out of a game with my computer needing a reboot
> to recover.  The circumstances of when these incidents occur make
> me suspect that someone I was connected to enjoys causing people
> grief more so than playing the game.  In any case, I am interested
> in some kind of monitoring software that would give me some evidence
> of something like this happening, rather than my just suspecting
> that this was the case.
>
> I have an ADSL connection that passes through a Linksys router.
> The router has some logging capacity, but it seems pretty limited,
> simply listing the IP address and the port number (TCP presumably)
> for incoming and outgoing connections made.  I was thinking that I
> could run the monitoring software on a second computer hooked up to
> the router.  I could even place this computer outside of the
> router's "firewall", though I don't know if that is necessary for
> what I'm interested in.  Perhaps it will be necessary to have a
> computer placed out from behind the router ("DMZ setting"), in
> order to log the attack, if it is basically taking down the router,
> first, and only indirectly taking my computer with it.  I'm running
> Win 98 SE, which limits the tools that are available.
>
> I know this is a complex subject matter and I am probably entering
> waters that are over my head, but I would appreciate any and all
> information on this topic.

  I'm uncertain how good the logging on your firewall is, but in any
case, if there is traffic from elsewhere crashing your PC, it must be
getting PAST your firewall.

  So my suggestion is to set up a second machine as a "sniffer",
capturing packets as they pass on their way.  [Since this traffic is
apparently getting past the firewall, there's no need to put this
machine outside and at risk!]
  There are professional sniffer programs that cost hundreds of
dollars and have flashy screen displays, but you can get decent
results with the freeware "tcpdump" utility (for Unix/Linux; ported
to Windows (NT specific?) as "windump").  There may be other
inexpensive options....

David G
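
Added example, not part of the original post: once the second machine has saved a capture with tcpdump's -w option, a short script can list what was sent to the gaming PC in the seconds before a crash. It assumes the sniffer can actually see that PC's traffic (hub or mirrored port); the addresses, ports, timestamps and function names are constructed for illustration.

```python
import socket, struct
from collections import Counter

def parse_pcap(data):
    """Yield (time, src, dst, ip_proto, dst_port) per IPv4/Ethernet packet in a classic pcap."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(data[:4])
    if endian is None or struct.unpack(endian + "I", data[20:24])[0] != 1:
        raise ValueError("expected a classic pcap file with Ethernet link type")
    off = 24                                   # skip the 24-byte global header
    while off + 16 <= len(data):
        sec, usec, caplen, _ = struct.unpack(endian + "IIII", data[off:off + 16])
        frame = data[off + 16:off + 16 + caplen]
        off += 16 + caplen
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue                           # truncated capture or not IPv4
        ip = frame[14:]
        ihl, proto = (ip[0] & 0x0F) * 4, ip[9]
        first_fragment = (struct.unpack("!H", ip[6:8])[0] & 0x1FFF) == 0
        dport = None                           # only TCP (6) and UDP (17) carry ports
        if proto in (6, 17) and first_fragment and len(ip) >= ihl + 4:
            dport = struct.unpack("!H", ip[ihl + 2:ihl + 4])[0]
        yield (sec + usec / 1e6, socket.inet_ntoa(ip[12:16]),
               socket.inet_ntoa(ip[16:20]), proto, dport)

def traffic_before(data, victim, crash_time, window=10.0):
    """Count inbound packets per (source, protocol, port) in the seconds before a crash."""
    hits = Counter()
    for ts, src, dst, proto, dport in parse_pcap(data):
        if dst == victim and crash_time - window <= ts <= crash_time:
            hits[(src, proto, dport)] += 1
    return hits.most_common()

def _record(ts, src, dst, proto, dport):
    """Build one constructed pcap record (Ethernet + IPv4 + 8 bytes of L4 header)."""
    l4 = struct.pack("!HH", 40000, dport) + b"\x00" * 4
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     socket.inet_aton(src), socket.inet_aton(dst)) + l4
    eth = b"\x00" * 12 + b"\x08\x00" + ip
    return struct.pack("<IIII", ts, 0, len(eth), len(eth)) + eth

PC = "192.168.1.100"                           # constructed LAN address of the gaming PC
SAMPLE = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1) + b"".join([
    _record(950, "203.0.113.9", PC, 6, 4000),      # too early, outside the window
    *[_record(t, "198.51.100.7", PC, 17, 27015) for t in (995, 996, 997)],
    _record(998, "203.0.113.9", PC, 6, 4000),
    _record(999, PC, "198.51.100.7", 17, 27015),   # outbound, ignored
])
print(traffic_before(SAMPLE, PC, crash_time=1000))
```

For a real capture, read the file in binary mode and pass its bytes in place of SAMPLE, with crash_time as the Unix time at which the PC locked up.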
