AW: [Dshield] Firewall access
g.dodd at falk-ross.de
Tue Oct 16 08:28:45 GMT 2001
I wouldn't want to log all incoming traffic, I'd fill up the logs.....
Not having a good knowledge of IPChains how can I ignore the "approved" IP
addresses and only log other traffic. I realise I wouldn't catch IP
spoofing, but if it's possible to insert and remove a logging rule then I
can log all incoming traffic during the night and only log unauthorized
traffic during the day.
Von: dshield-admin at dshield.org [mailto:dshield-admin at dshield.org]Im
Auftrag von daniel uriah clemens
Gesendet: Montag, 15. Oktober 2001 17:00
An: dshield at dshield.org
Betreff: Re: [Dshield] Firewall access
Log the incoming packets.
Build a timeline.
You have denied packets why not log passed traffic?
Daniel Uriah Clemens
"If you tell the truth, you don't have to remember anything."
On Mon, 15 Oct 2001, Graham Dodd wrote:
> Good morning all,
> I posed this question last year and didn't get any response, I'm not sure
> that was a good or a bad sign !!
> This is from my firewall logs showing denied connections, but how do I
> if somebody got through my firewall due to an incorrect configuration or a
> security hole.
> I would appreciate comments, ideas, and possible solutions
> Oct 13 05:52:22 gateway kernel: Packet log: input DENY eth0 PROTO=6
> 126.96.36.199:1382 xxx.xx.xxx.xx:21 L=44 S=0x00 I=44807 F=0x4000 T=113 SYN
> Oct 13 07:37:04 gateway kernel: Packet log: input DENY eth0 PROTO=6
> 188.8.131.52:21 xxx.xx.xxx.xx:21 L=40 S=0x00 I=57482 F=0x0000 T=108 SYN
> Oct 13 15:45:04 gateway kernel: Packet log: input DENY eth0 PROTO=6
> 184.108.40.206:2566 xxx.xx.xxx.xx:53 L=60 S=0x00 I=31400 F=0x4000 T=44 SYN
> Oct 13 19:59:32 gateway kernel: Packet log: input DENY eth0 PROTO=6
> 220.127.116.11:3005 xxx.xx.xxx.xx:111 L=60 S=0x00 I=34726 F=0x4000 T=40 SYN
> Oct 13 21:59:23 gateway kernel: Packet log: input DENY eth0 PROTO=6
> 18.104.22.168:3975 xxx.xx.xxx.xx:21 L=48 S=0x00 I=14247 F=0x4000 T=118 SYN
> Dshield mailing list
> Dshield at dshield.org
> To change your subscription options (or unsubscribe), see:
Dshield mailing list
Dshield at dshield.org
To change your subscription options (or unsubscribe), see:
More information about the list