On Wed, May 20, 2009 at 21:23, Pat Barber <mboceanside@xxxxxxxxxxxxxxxx> wrote:
Can anybody recommend a tool that will help me
find a pc on a lan that is opening many(thousands)
of connections and is killing the cache of the
firewall.

ntop
wireshark
iptraf

All of them need Linux (some may run on Windows). You'll need either a
managed Switch and mirror the Firewall, or throw a plain old hub
between the Firewall and the LAN.

This shuts all web connections down in the
dirt.

Replace the firewall, it's faulty or not sized appropriately. Probably both.

The firewall folks have been of little/no help
on what might be going on.

Replace the firewall folks.

Apparently, an outside auditor brought a laptop
in the office around a week ago and our accounting folks
let him attach right into the lan with no questions.

Make sure to use 802.1x Authentication on all LAN ports accessible to
non-IT employees.

Also, replace the auditor and make sure proper disciplinary measures
are taken with the people that allowed him to connect.


As an Amazon Associate we earn from qualifying purchases.

This thread ...

Follow-Ups:
Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.