OC12mon
Building on Packet Filtering with Coral OC12mon Monitors

    Implement tcpdump and auditing extensions to the OC12mon platform
    • Similar software employed in low-performance stations on moderately-loaded FDDI DMZ (100 Mbps).

    Network security compliance monitor:
    • policy specified with filter rules
    • e.g., prohibit all IP traffic from network xxx.yyy
    • non-compliant traffic identified concurrently by Coral monitor
    • record event in audit log
    • alert intrusion monitoring and/or enforcement module
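
    The compliance-monitor flow above, sketched as an added Python example (not OC12mon or Coral code): filter rules are parsed into a policy, packet summaries are checked against it, and each non-compliant packet yields one audit record. The rule syntax, the function names and the documentation-range addresses standing in for network xxx.yyy are assumptions made for illustration.

```python
import ipaddress
import json

# Constructed policy in a hypothetical rule syntax; documentation prefixes
# stand in for the slide's elided "network xxx.yyy".
POLICY = """
# action  field  network
deny      src    192.0.2.0/24
deny      src    198.51.100.128/25
"""

# Constructed packet summaries: (timestamp, source, destination, protocol).
PACKETS = [
    (0.001, "192.0.2.17", "203.0.113.5", "tcp"),
    (0.002, "203.0.113.9", "203.0.113.5", "udp"),
    (0.004, "198.51.100.200", "203.0.113.80", "tcp"),
    (0.007, "198.51.100.20", "203.0.113.80", "icmp"),  # outside the /25
]

def parse_policy(text):
    """Turn rule text into (line number, field, network) tuples."""
    rules = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) != 3 or fields[0] != "deny" or fields[1] not in ("src", "dst"):
            raise ValueError(f"policy line {lineno}: unsupported rule {line!r}")
        rules.append((lineno, fields[1], ipaddress.ip_network(fields[2])))
    return rules

def audit(packets, rules):
    """Return one audit event per packet that matches a deny rule."""
    events = []
    for ts, src, dst, proto in packets:
        addrs = {"src": ipaddress.ip_address(src), "dst": ipaddress.ip_address(dst)}
        for lineno, field, net in rules:
            if addrs[field] in net:
                events.append({"ts": ts, "src": src, "dst": dst, "proto": proto,
                               "rule": f"deny {field} {net}", "policy_line": lineno})
                break  # first matching rule wins: one record per packet
    return events

if __name__ == "__main__":
    for event in audit(PACKETS, parse_policy(POLICY)):
        print(json.dumps(event))  # audit log line; an alert hook would go here
```

    Each event records the matching rule and its policy line, so an audit entry can be traced back to the policy statement that flagged it.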

    Explore concepts of policy enforcement:
    • insert forged RESET packets (TCP traffic)
    • host or IP firewall signalling