I have no particular reason to suspect that this is truly the case as the problem is very intermittent. (occasional complete loss of internet connection... for no readily discernible reason)
I have all the prerequisite AV, Firewall, Anti-Spyware, etc. tools and like to keep a tight rein on my security... as far as I am able to anyway.
Anyway, can anyone tell me if IDS/IPS software like Snort or Prevx would be able to tell me what I want to know? Would there be clues to such an attack in my router firewall log or even my software firewall logs if I set them up properly (Sygate PF)?
Does anyone have any suggestions for diagnosing a complete net black-out, whether DoS related or not? If not an attack then what might be some likely places to check for faults? Is it more likely to be a temporary fault at the ISP's side of things? Or even a wiring fault at home?!
I have tried all that I can think of but alas, although I have used a variety of specialist tools and settings with some degree of success in relation to this type of thing, I lack the knowledge to delve deeper or to really understand what I'm looking at.
If anyone can recommend some further reading I would be obliged.
For example, I find firewall logs fascinating but merely sit and look sagely upon the confusion, occasionally picking out discernible bits of information. How do people make sense of all this? How can I filter it into something useful? Are there settings I can enable in the firewall? Or software I can use to analyse the logs? Are there logs on my actual cable modem itself? Can I access them in a similar fashion to my router setup? Would that be against the T&Cs of my ISP?
Any and all advice welcome, I seek to learn.
[note] Thanks to Efwis for pointing out a major blunder in this post. Major editing ensued! Cheers for the heads up dude [/note]
Edited by Baggyboy, 29 August 2005 - 05:45 PM.