Need network monitoring help
I've tried using alerts and Network Monitor on SBS 2003
but can't really find what I'm looking for. I may need a
3rd party app to do this.
I need to set it up so that I get a page when anyone uses
a certain service or port on my server. For example, if port
3389 or the RDP service is used.
I know of programs that do the paging part but I can't seem
to natively find a way to alert me when a certain port is used
whether in Network Monitor using triggers or with Alerts.
Any direction on this would be much appreciated.
Comments
Ahriakin Member Posts: 1,799
I don't know about setting something like that up on the target itself, but an IDS can be set to do just what you want. SNORT is free and you can either make your own rules or include the Bleeding Edge ones, and they are only too happy to report RDP/VNC or pretty much any remote control protocols from the monitored segments (it's actually one of the primary functions of our own server-segment IDS; I keep a record of all admin share and remote access events). If you're using Windows, go to www.winsnort.com for all you need, including an excellent tutorial. Also get the Activewerx IDS Policy Manager and HoneyNet Console (I found the latter much better than using a web interface as described in the tutorial).
We responded to the Year 2000 issue with "Y2K" solutions...isn't this the kind of thinking that got us into trouble in the first place?
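An added example, not part of either post above: a host-side way to approximate the alert the question asks for, by comparing two `netstat -an` snapshots and reporting new established sessions to a watched local port. The snapshots, addresses and function names are constructed for illustration, and the paging step is assumed to be handled by whatever program consumes the output.

```python
import re

WATCHED_PORTS = {3389}  # RDP, the port named in the question

# Constructed sample data: two successive `netstat -an` snapshots from the server.
SNAPSHOT_1 = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING
  TCP    192.168.1.10:445       192.168.1.23:1102      ESTABLISHED
"""
SNAPSHOT_2 = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING
  TCP    192.168.1.10:445       192.168.1.23:1102      ESTABLISHED
  TCP    192.168.1.10:3389      203.0.113.7:51515      ESTABLISHED
  TCP    192.168.1.10:1105      192.168.1.50:3389      ESTABLISHED
"""

# Proto, local addr:port, foreign addr:port, state (the header line does not match).
LINE = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+)\s*$")


def watched_connections(netstat_text, ports=WATCHED_PORTS):
    """Return the set of (local_ip, local_port, remote_ip, remote_port) for
    established TCP sessions whose LOCAL port is watched. Listening sockets
    and outbound sessions to someone else's port 3389 are ignored."""
    found = set()
    for line in netstat_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        lip, lport, rip, rport, state = m.groups()
        if state == "ESTABLISHED" and int(lport) in ports:
            found.add((lip, int(lport), rip, int(rport)))
    return found


def new_alerts(previous, current, ports=WATCHED_PORTS):
    """Sessions present in the current snapshot but not the previous one,
    so each connection is reported once rather than on every poll."""
    fresh = watched_connections(current, ports) - watched_connections(previous, ports)
    return sorted(fresh)


if __name__ == "__main__":
    for lip, lport, rip, rport in new_alerts(SNAPSHOT_1, SNAPSHOT_2):
        print(f"ALERT: {rip}:{rport} connected to {lip}:{lport}")
```

Polling like this misses any session that opens and closes between two snapshots, which a packet-level IDS on the segment does not.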