Forescout has a tool like that (www.forescout.com) It looks for scans,
etc and can do a SAM drop or TCP reset, whichever you prefer.
Bill
--
Bill Mathews
Open Source Software Advocate
billford AT billford DOT com
The wise and noble Raymond N spiteth forth upon the land, these thoughts:
> Hi there,
> Just wondering if there are OPSEC tool that would generate alerts about
> port scanning, DOS attack, or other abnormal form of network traffic
> patterns? I am not interested about deploying dozen of IDS/IPS agents on
> the network. What 's in my mind is a real-time log analysis tool that
> will
> generate alerts by actively (real-time) scanning the Checkpoint firewall
> log. Does this sound reasonable? Any suggestions?
>
> Thanks.
>
> -raymond
>
> =================================================
> To set vacation, Out-Of-Office, or away messages,
> send an email to LISTSERV AT amadeus.us.checkpoint DOT com
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> fw-1-owner AT ts.checkpoint DOT com
> =================================================
>
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
|
