[Dshield] Firewall access

daniel uriah clemens dclemens at inline.com
Mon Oct 15 14:59:45 GMT 2001


Log the incoming packets. 
Build a timeline.

You have denied packets; why not log passed traffic?

Thank you,

Daniel Uriah Clemens


"If you tell the truth, you don't have to remember anything." 

On Mon, 15 Oct 2001, Graham Dodd wrote:

> Good morning all,
> 
> I posed this question last year and didn't get any response; I'm not sure if
> that was a good or a bad sign!!
> 
> This is from my firewall logs showing denied connections, but how do I know
> if somebody got through my firewall due to an incorrect configuration or a
> security hole?
> 
> I would appreciate comments, ideas, and possible solutions.
> 
> 
> thanks,
> 	Graham
> 
> 
> Oct 13 05:52:22 gateway kernel: Packet log: input DENY eth0 PROTO=6
> 212.37.205.32:1382 xxx.xx.xxx.xx:21 L=44 S=0x00 I=44807 F=0x4000 T=113 SYN
> (#15)
> Oct 13 07:37:04 gateway kernel: Packet log: input DENY eth0 PROTO=6
> 210.131.12.54:21 xxx.xx.xxx.xx:21 L=40 S=0x00 I=57482 F=0x0000 T=108 SYN
> (#15)
> Oct 13 15:45:04 gateway kernel: Packet log: input DENY eth0 PROTO=6
> 212.5.122.11:2566 xxx.xx.xxx.xx:53 L=60 S=0x00 I=31400 F=0x4000 T=44 SYN
> (#15)
> Oct 13 19:59:32 gateway kernel: Packet log: input DENY eth0 PROTO=6
> 211.114.56.1:3005 xxx.xx.xxx.xx:111 L=60 S=0x00 I=34726 F=0x4000 T=40 SYN
> (#15)
> Oct 13 21:59:23 gateway kernel: Packet log: input DENY eth0 PROTO=6
> 217.136.35.4:3975 xxx.xx.xxx.xx:21 L=48 S=0x00 I=14247 F=0x4000 T=118 SYN
> (#15)
> 
> 
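Added example, not part of the original thread: a Python sketch of the timeline the reply suggests, which parses ipchains packet-log lines in the layout quoted above and lists every source that was both denied and passed. It assumes the ACCEPT rules are logged in the same format as the DENY rule, that wrapped lines have been rejoined, and that the year is supplied by the caller; the sample lines are constructed and use documentation addresses.

```python
import re
from collections import defaultdict
from datetime import datetime

# Layout of an ipchains packet-log line, as seen in the quoted firewall log.
LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ kernel: Packet log: "
    r"(?P<chain>\S+) (?P<action>\S+) (?P<iface>\S+) PROTO=(?P<proto>\d+) "
    r"(?P<src>[\w.]+):(?P<sport>\d+) (?P<dst>[\w.]+):(?P<dport>\d+) "
    r".*?\(#(?P<rule>\d+)\)\s*$"
)

# Constructed sample: two DENY lines, one ACCEPT line, one unrelated syslog line.
SAMPLE = """\
Oct 13 05:52:22 gateway kernel: Packet log: input DENY eth0 PROTO=6 192.0.2.10:1382 203.0.113.5:21 L=44 S=0x00 I=44807 F=0x4000 T=113 SYN (#15)
Oct 13 05:52:25 gateway kernel: Packet log: input ACCEPT eth0 PROTO=6 192.0.2.10:1383 203.0.113.5:80 L=44 S=0x00 I=44810 F=0x4000 T=113 SYN (#7)
Oct 13 07:37:04 gateway kernel: Packet log: input DENY eth0 PROTO=6 198.51.100.54:21 203.0.113.5:21 L=40 S=0x00 I=57482 F=0x0000 T=108 SYN (#15)
Oct 13 07:40:00 gateway sshd[123]: unrelated line
"""

def parse(text, year=2001):
    """Return packet-log records sorted by time; syslog omits the year."""
    events = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # skip anything that is not a packet-log line
        e = m.groupdict()
        e["time"] = datetime.strptime(f"{year} {e.pop('ts')}", "%Y %b %d %H:%M:%S")
        e["dport"] = int(e["dport"])
        events.append(e)
    return sorted(events, key=lambda e: e["time"])

def sources_denied_and_passed(events):
    """Map each source seen with both DENY and ACCEPT to its ordered timeline."""
    by_src = defaultdict(list)
    for e in events:
        by_src[e["src"]].append((str(e["time"]), e["action"], e["dport"]))
    return {src: timeline for src, timeline in by_src.items()
            if {"DENY", "ACCEPT"} <= {action for _, action, _ in timeline}}

if __name__ == "__main__":
    for src, timeline in sources_denied_and_passed(parse(SAMPLE)).items():
        print(src)
        for when, action, dport in timeline:
            print(f"  {when} {action:6} dst port {dport}")
```

A source that appears in this output is one to review against the rule set: the ACCEPT entry shows which rule number let it through after it was denied elsewhere.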
