[Dshield] Configuring iptables; need favorite port lists

John Sage jsage at finchhaven.com
Fri Jun 20 01:33:57 GMT 2003


Kenton, et al:

On Thu, Jun 19, 2003 at 11:37:36AM -0600, Kenton Smith wrote:
> Forgive me if this misses your point (again, sorry) but what about using
> Ed's deny all for your rules and log everything that isn't explicitly
> allowed. 

Actually, that's pretty much what I've been doing, that and going
through my old snort logs and coming up with a list..

I was just being lazy :-/

> You could then just grep (or similar) the logs for the
> interesting ports. This would allow you to pull information for the
> interesting ports today, and if there was a new interesting port
> tomorrow, you would still have all the information at your disposal for
> historical reference as well. This would then also prevent any errors
> inadvertently made while changing your IPTables on a regular basis.
> Of course you need lots of disk space but that's cheap...
> 
> Just a thought,
> 
> Kenton


- John
-- 
"Obviously, we do not want to leave zombies around."




More information about the list mailing list