[Dshield] Perhaps some silly questions, but...

Brenden Walker BKWalker at DRBSystems.com
Tue Sep 17 18:35:28 GMT 2002


I'd like to submit my logs, but darn there's so many ways to do so. None of
which work "out of the box" for me.

Is anybody parsing Apache logs for Code Red/Nimda 'attacks' and sending that
up?  I currently dump most of that stuff to /dev/null but perhaps it could
be useful.

I'm using iptables, but currently not set up to log any attempts.  In fact
I'm not even sure how to go about doing that, and I'd hate to change my
carefully tweaked and secured configuration and accidentally leave an
opening.  Can anybody direct me to resources that describe how to log
attempts as well as drop/reject them?

I'm also using portsentry, tried the current client and before. It's not
working for portsentry 1.1, I presume I'll have to 'tweak' the client parser
for that?  I'd upgrade, but my interface has a dynamic IP (well, hasn't
changed in quite a while, but it could) and the 2.x version of portsentry
requires you enter the IP address of the protected interface.

Thanks for listening ;-).  Feel free to say "RTFM" on any and all questions,
I'd just hate to re-invent the wheel.



