[Dshield] Enabling iptables logs
Johannes B. Ullrich
jullrich at sans.org
Sun Dec 7 17:00:30 GMT 2003
Oops, that was my mistake. The order is wrong. Try the '-j LOG' ahead of
BTW: there is one more option: --log-tcp-sequence. This will log the
TCP sequence numbers. As the man page states, there is a security issue
with logging TCP sequence numbers: whoever has access to the log could
use it to aid in TCP connection hijacking. But I think that issue is
rather remote (in particular if you only log dropped/rejected packets).
It depends on how good your sequence numbers are to begin with.
On Sun, 2003-12-07 at 01:44, Stephen Boulet wrote:
> iptables -A INPUT --log-tcp-options --log-ip-options --log-level warning
> --log-prefix " INPUT_CHAIN_DEFAULT " -j LOG
> On Saturday 06 December 2003 01:28 pm, Johannes B. Ullrich wrote:
> > whats the complete iptables command line?
> > On Sat, 2003-12-06 at 13:24, Stephen Boulet wrote:
> > > Thanks for the detailed response. I get this message when trying to start
> > > logging as you suggest:
> > >
> > > iptables v1.2.9: Unknown arg `--log-tcp-options'
> > > Try `iptables -h' or 'iptables --help' for more information.
> list mailing list
> list at dshield.org
> To change your subscription options (or unsubscribe), see: http://www.dshield.org/mailman/listinfo/list
CTO SANS Internet Storm Center http://isc.sans.org
phone: (617) 786 1563
fax: (617) 786 1550
jullrich at sans.org
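The point of the exchange above is that LOG's own options (--log-prefix, --log-tcp-options, --log-ip-options, --log-level, --log-tcp-sequence) are parsed by the target, so iptables only accepts them after "-j LOG"; placed before it, they produce the "Unknown arg" error quoted in the thread. The script below is an added example, not code from the original post or from DShield: it prints the corrected rule pair (log, then drop), checks rule text for the wrong ordering, and pulls fields out of the kernel log lines such rules produce, including the SEQ=/ACK= fields that --log-tcp-sequence adds. The prefix INPUT_CHAIN_DEFAULT comes from the thread; the host name, interface, addresses and the log lines themselves are constructed for the example, and nothing is loaded into the kernel (the rules are only printed).

```shell
#!/bin/sh
# Added example (not from the original post). Shows the corrected rule
# ordering (LOG target options after "-j LOG") and how to read the
# resulting kernel log lines. Host, interface and addresses below are
# assumed for illustration; iptables is never executed here.

# Print the rule pair: match options first, then -j LOG, then the LOG
# target's own options. Appended last in INPUT, the pair only sees packets
# no earlier rule accepted, so the log records exactly what gets dropped.
build_rules() {
    prefix="$1"
    printf '%s\n' \
        "iptables -A INPUT -j LOG --log-level warning --log-prefix \"$prefix \" --log-tcp-options --log-ip-options" \
        "iptables -A INPUT -j DROP"
}

# Return 0 when the rule text contains "-j LOG" and no --log-* option
# precedes it. Target options are parsed by the target, so iptables
# rejects them anywhere before "-j LOG"; the command from the thread fails.
log_options_after_target() {
    rule="$1"
    case "$rule" in
        *"-j LOG"*) ;;
        *) return 1 ;;
    esac
    before=${rule%%-j LOG*}
    case "$before" in
        *--log-*) return 1 ;;
    esac
    return 0
}

# Print the value of one KEY=VALUE field of a kernel LOG line (empty if absent).
log_field() {
    printf '%s\n' "$1" | tr ' ' '\n' | sed -n "s/^$2=//p" | head -n 1
}

# Return 0 if the line carries TCP sequence numbers, i.e. the rule was
# loaded with --log-tcp-sequence. Anyone who can read such a log gets
# hijacking material, so restrict log access or drop the option unless
# the rule only logs packets that are rejected anyway.
logs_tcp_sequence() {
    case "$1" in
        *" SEQ="*) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed sample data (not captured from a real host).
BAD_RULE='iptables -A INPUT --log-tcp-options --log-ip-options --log-level warning --log-prefix " INPUT_CHAIN_DEFAULT " -j LOG'
PLAIN_LINE='Dec  7 17:00:30 gw kernel: INPUT_CHAIN_DEFAULT IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TOS=0x00 PREC=0x00 TTL=54 ID=12345 DF PROTO=TCP SPT=4321 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0'
SEQ_LINE="$PLAIN_LINE SEQ=1803275424 ACK=0"

# Usage: print the corrected rules, then show the checks on the samples.
build_rules INPUT_CHAIN_DEFAULT
log_options_after_target "$BAD_RULE" || echo "original rule: --log-* options precede -j LOG, iptables rejects it"
echo "dropped: $(log_field "$PLAIN_LINE" SRC) -> port $(log_field "$PLAIN_LINE" DPT)"
logs_tcp_sequence "$SEQ_LINE" && echo "SEQ_LINE carries sequence numbers; restrict who can read this log"
```

The ordering check is deliberately textual so it can run on a rule file or shell history before anything touches the live ruleset; the parser splits on spaces, which works because the kernel's LOG output never puts spaces inside a value.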