[Dshield] Configuring iptables; need favorite port lists
jsage at finchhaven.com
Fri Jun 20 01:33:57 GMT 2003
Kenton, et al:
On Thu, Jun 19, 2003 at 11:37:36AM -0600, Kenton Smith wrote:
> Forgive me if this misses your point (again, sorry) but what about using
> Ed's deny all for your rules and log everything that isn't explicitly
Actually, that's pretty much what I've been doing, that and going
through my old snort logs and coming up with a list..
I was just being lazy :-/
> You could then just grep (or similar) the logs for the
> interesting ports. This would allow you to pull information for the
> interesting ports today, and if there was a new interesting port
> tomorrow, you would still have all the information at your disposal for
> historical reference as well. This would then also prevent any errors
> inadvertently made while changing your IPTables on a regular basis.
> Of course you need lots of disk space but that's cheap...
> Just a thought,
"Obviously, we do not want to leave zombies around."
More information about the list