[Dshield] Is it true that Linux users do not fear Viruses and Trojans (+ some vital questions)

Manuel Lanctot pacu at sympatico.ca
Sun Oct 13 16:34:53 GMT 2002


> Ed Truitt wrote:
> >3a) Linux actually has 2 "firewalls" built in to the OS.  IPCHAINS, and
> >IPTABLES.  While I am not aware of a GUI front end to these similar to ZA,
> >there are some tools available to help facilitate the process.  Yes, they
> > do produce "pages" of cryptic logs - so does ZA.  Again, I suspect you
> > should be able to locate some utilities that make it easier to read them.
> >  I use IPTABLES along with an Intrusion Detection System called SNORT,
> > and each day I automatically run a script which takes the (cryptic) logs
> > from SNORT and turns them into an email report I can scan to see who is
> > bugging me.  The IPTABLES logs I simply forward to DShield (though there
> > are some scripts that pretty them up into a nice report, too.)  SNORT
> > also has other add-ins, including some GUI and web-based front-ends for
> > real-time monitoring.

I have written a simple shell script which parses the logs generated by IPTABLES. 
You give it a port number and it will find all IPs that were logged as trying to 
access it. It will then resolve the hostname and output the results in an HTML file. 
I use it myself to see who's infected by different worms and probing me. 

Available at:
http://freshmeat.net/projects/luserlocate/

There are many, many other tools for generating nice and clean reports of those 
IPTABLES "cryptic logs". And even more for Snort. 

--
Manuel Lanctot
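The procedure described in the reply above (take a destination port, pull every source IP that iptables logged hitting it, reverse-resolve it, write an HTML table) as an added example. This is not the luserlocate script from the link, and it is not code from the list post; it is a from-scratch POSIX shell sketch of the same idea. The log lines are constructed samples using documentation (TEST-NET) addresses, not captured traffic. It goes slightly beyond the post by ranking sources by hit count, and it treats the reverse-DNS name as untrusted input (a PTR record is controlled by whoever owns the source address) and HTML-escapes it before writing the report. Reverse lookups are off by default so the script runs offline; set RESOLVE_NAMES=1 to turn them on.

```shell
#!/bin/sh
# Constructed iptables LOG-target lines (TEST-NET addresses, not real traffic).
SAMPLE_LOG='Oct 13 10:01:02 gw kernel: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=48 TOS=0x00 PREC=0x00 TTL=113 ID=1234 DF PROTO=TCP SPT=3456 DPT=1433 WINDOW=16384 RES=0x00 SYN URGP=0
Oct 13 10:01:05 gw kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.5 LEN=48 TOS=0x00 PREC=0x00 TTL=110 ID=5678 DF PROTO=TCP SPT=1122 DPT=1433 WINDOW=65535 RES=0x00 SYN URGP=0
Oct 13 10:02:11 gw kernel: IN=eth0 OUT= SRC=192.0.2.44 DST=198.51.100.5 LEN=78 TOS=0x00 PREC=0x00 TTL=120 ID=9 PROTO=UDP SPT=137 DPT=137 LEN=58
Oct 13 10:03:40 gw kernel: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=48 TOS=0x00 PREC=0x00 TTL=113 ID=1240 DF PROTO=TCP SPT=3457 DPT=1433 WINDOW=16384 RES=0x00 SYN URGP=0
Oct 13 10:04:00 gw kernel: IN=eth0 OUT= SRC=203.0.113.99 DST=198.51.100.5 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=1'

# ips_for_port PORT: read iptables log lines on stdin, print "hits ip" for
# every SRC= that was logged with DPT=PORT, most frequent first.
# Lines without a DPT= field (e.g. ICMP) are skipped.
ips_for_port() {
    port="$1"
    awk -v port="$port" '
        {
            src = ""; dpt = ""
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^SRC=/) src = substr($i, 5)
                if ($i ~ /^DPT=/) dpt = substr($i, 5)
            }
            if (src != "" && dpt == port) count[src]++
        }
        END { for (ip in count) printf "%d %s\n", count[ip], ip }
    ' | sort -rn
}

# resolve_ip IP: reverse lookup via getent when available; never fails,
# prints "(unresolved)" when there is no PTR record or no resolver.
resolve_ip() {
    ip="$1"
    name=""
    if command -v getent >/dev/null 2>&1; then
        name=$(getent hosts "$ip" 2>/dev/null | awk '{ print $2; exit }')
    fi
    if [ -n "$name" ]; then printf '%s\n' "$name"; else printf '(unresolved)\n'; fi
}

# html_escape: stdin -> stdout with &, <, > escaped. Hostnames come from
# DNS data the probing party controls, so they must not land in the page raw.
html_escape() {
    sed 's/&/\&amp;/g; s/</\&lt;/g; s/>/\&gt;/g'
}

# html_report PORT: read log lines on stdin, write an HTML table to stdout.
html_report() {
    port="$1"
    printf '<html><head><title>Probes of port %s</title></head><body>\n' "$port"
    printf '<h1>Sources logged hitting DPT=%s</h1>\n<table border="1">\n' "$port"
    printf '<tr><th>Hits</th><th>Source IP</th><th>Reverse DNS</th></tr>\n'
    ips_for_port "$port" | while read -r hits ip; do
        if [ "${RESOLVE_NAMES:-0}" = 1 ]; then
            name=$(resolve_ip "$ip")
        else
            name="(lookup disabled)"
        fi
        printf '<tr><td>%s</td><td>%s</td><td>%s</td></tr>\n' \
            "$hits" \
            "$(printf '%s' "$ip" | html_escape)" \
            "$(printf '%s' "$name" | html_escape)"
    done
    printf '</table></body></html>\n'
}

# Stand-alone run: report on the sample log for port 1433.
# On a real box: html_report 1433 < /var/log/messages > report.html
printf '%s\n' "$SAMPLE_LOG" | html_report 1433
```

In real use the input would be the syslog file that the kernel LOG target writes to (its path depends on the distribution's syslog configuration), and the report would be written to a file served by a local web server or opened in a browser. Ranking by hit count puts the noisiest source at the top, which is usually the infected host you want to notify first.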
