[Snort-users] Snort on SCO
fygrave at ...121...
Tue Sep 26 20:08:44 EDT 2000
~ :Nope, wonder if I could just get tcpdump working. I have a client who
~ :insists on having telnet access to his SCO box through his firewall. This
~ :was recommended by the company that sold him his e-commerce solution!! We
~ :have some 'odd port' on his firewall passed through to port 23 on his SCO
~ :box. Having it on an odd port is a little bit secure but it really ought to
~ :be alarmed so that any time it's accessed, somebody gets a message. Snort
~ :or a simple tcpdump script could be set up to alarm on the first packet of a
~ :3-way handshake coming in from a non-internal address....probably wouldn't
~ :be a bad idea to get a message on the close of the session either.
You don't have to run snort on the SCO box in this case; just plug it in
somewhere on the way. It would be interesting if you could build snort
there, though. Does libpcap build there in the first place? :)
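
The alarm logic discussed in this thread (alert on the first handshake packet from a non-internal address, and again when the session closes), sketched as an added example that is not part of either poster's message. It assumes a sensor on the path behind the firewall, where the forwarded traffic arrives on port 23; the internal range 192.168.1.0/24 and all sample addresses are constructed.

```python
import struct
from ipaddress import IPv4Address, IPv4Network

INTERNAL_NET = IPv4Network("192.168.1.0/24")  # assumed internal range
TELNET_PORT = 23  # port as seen behind the firewall's forward
FIN, SYN, RST, ACK = 0x01, 0x02, 0x04, 0x10

def build_packet(src, dst, sport, dport, flags):  # makes constructed sample input
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     IPv4Address(src).packed, IPv4Address(dst).packed)
    return ip + struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, flags, 8192, 0, 0)

def parse(pkt):
    """Return (src, dst, sport, dport, flags), or None if not usable IPv4/TCP."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4 or pkt[9] != 6:
        return None
    ihl = (pkt[0] & 0x0F) * 4  # IP header length, options included
    if ihl < 20 or len(pkt) < ihl + 14:  # need bytes up to the TCP flags
        return None
    sport, dport = struct.unpack("!HH", pkt[ihl:ihl + 4])
    return IPv4Address(pkt[12:16]), IPv4Address(pkt[16:20]), sport, dport, pkt[ihl + 13]

def watch(packets):
    """Return ('open'|'close', external_ip, external_port) alerts in order."""
    sessions, alerts = set(), []
    for pkt in packets:
        parsed = parse(pkt)
        if parsed is None:
            continue
        src, dst, sport, dport, flags = parsed
        inbound = dport == TELNET_PORT and dst in INTERNAL_NET and src not in INTERNAL_NET
        outbound = sport == TELNET_PORT and src in INTERNAL_NET and dst not in INTERNAL_NET
        peer = (src, sport) if inbound else (dst, dport)
        # First handshake packet: SYN set, ACK clear; SYN retransmits are ignored.
        if inbound and (flags & (SYN | ACK)) == SYN and peer not in sessions:
            sessions.add(peer)
            alerts.append(("open", str(peer[0]), peer[1]))
        # Close: first FIN or RST from either side of a session we alerted on.
        elif (inbound or outbound) and flags & (FIN | RST) and peer in sessions:
            sessions.discard(peer)
            alerts.append(("close", str(peer[0]), peer[1]))
    return alerts

SAMPLE = [build_packet(*f) for f in (  # constructed traffic
    ("203.0.113.7", "192.168.1.10", 40000, 23, SYN),
    ("192.168.1.10", "203.0.113.7", 23, 40000, SYN | ACK),
    ("192.168.1.50", "192.168.1.10", 50000, 23, SYN),  # internal client, no alert
    ("192.168.1.10", "203.0.113.7", 23, 40000, FIN | ACK),
    ("203.0.113.7", "192.168.1.10", 40000, 23, FIN | ACK))]
```

Calling `watch(SAMPLE)` yields one "open" and one "close" alert for the external peer; the internal client and the second FIN produce nothing.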