Find out who's trying to get into your system. Simon Edwards shows you how to make sense of SmoothWall's log files.
1. Log into the SmoothWall firewall. In our case the firewall's Green interface has the IP address 192.168.0.1, so in Internet Explorer the URL would be https://192.168.0.1:441. Click Yes to proceed when a Security Alert complains about the site's security certificate. This just shows that the certificate hasn't been installed on your PC.

2. Click on the Services button, entering the username as 'admin' and the password you specified during installation. Next, click the intrusion detection system link on the toolbar and tick the box called Intrusion Detection System: Snort. When you click on Save you'll have activated the popular Snort IDS system on your firewall.
3. The firewall should prevent 'bad' traffic, such as internet worms, from entering, as long as you don't add any rules that allow incoming traffic to the LAN. It will also log such attempts, as well as port scans. Click on the Logs tab and choose Firewall to see the long lists of port scans that have failed to reach your desktop PCs.
4. In the intrusion detection system tab in the log menu you'll see records of attacks. We're allowing port 80 (web) traffic through to our DMZ area, and someone is running web server attacks against our server. The attacker's IP address is 192.168.1.11 here. In a real situation you'd see a public IP address such as 207.46.250.222.
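
Once the IDS log in step 4 fills up, a per-source summary is easier to read than the raw list. The script below is an added example, not part of the original article or of SmoothWall: it assumes the alerts have been saved as text in Snort's one-line "fast" alert format, and the sample lines, the DMZ server address 192.168.2.10 and the function names are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Constructed sample alerts in Snort's one-line "fast" format (not from the
# article). 192.168.1.11 is the article's attacker address; 192.168.2.10 is an
# assumed DMZ web server; 203.0.113.7 is a documentation-range address.
SAMPLE_ALERTS = """\
08/14-10:02:11.120001  [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 192.168.1.11:3310 -> 192.168.2.10:80
08/14-10:02:12.431877  [**] [1:1113:4] WEB-MISC http directory traversal [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.168.1.11:3311 -> 192.168.2.10:80
08/14-10:02:14.008250  [**] [1:1002:5] WEB-IIS cmd.exe access [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 192.168.1.11:3312 -> 192.168.2.10:80
08/14-10:05:40.661902  [**] [1:469:1] ICMP PING NMAP [**] [Classification: Attempted Information Leak] [Priority: 2] {ICMP} 203.0.113.7 -> 192.168.2.10
snort: restarted
"""

# Ports are optional because ICMP alerts carry addresses only.
ALERT_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+\[(?P<sid>\d+:\d+:\d+)\]\s+"
    r"(?P<msg>.*?)\s+\[\*\*\]\s+(?:\[Classification: (?P<cls>[^\]]+)\]\s+)?"
    r"\[Priority: (?P<prio>\d+)\]\s+\{(?P<proto>\w+)\}\s+"
    r"(?P<src>[\d.]+)(?::(?P<sport>\d+))?\s+->\s+(?P<dst>[\d.]+)(?::(?P<dport>\d+))?$"
)

def parse_alerts(text):
    """Yield one dict per well-formed alert line; skip anything else."""
    for line in text.splitlines():
        m = ALERT_RE.match(line.strip())
        if m:
            yield m.groupdict()

def summarise(text, port="80"):
    """Per source IP: alert count, worst priority (1 = most severe) and
    signature tally for alerts aimed at the given destination port."""
    report = defaultdict(lambda: {"alerts": 0, "worst_priority": None,
                                  "signatures": Counter()})
    for a in parse_alerts(text):
        if a["dport"] != port:      # also drops port-less ICMP alerts
            continue
        entry = report[a["src"]]
        entry["alerts"] += 1
        prio = int(a["prio"])
        worst = entry["worst_priority"]
        entry["worst_priority"] = prio if worst is None else min(prio, worst)
        entry["signatures"][a["msg"]] += 1
    return dict(report)

if __name__ == "__main__":
    for src, info in summarise(SAMPLE_ALERTS).items():
        print(src, info["alerts"], info["worst_priority"], dict(info["signatures"]))
```
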