[Dshield] Iptables parsing
don at thewilders.org
Fri Jun 10 21:02:56 GMT 2005
> -----Original Message-----
> From: list-bounces at lists.dshield.org
> [mailto:list-bounces at lists.dshield.org] On Behalf Of David Cary Hart
> On Fri, 2005-06-10 at 07:25 -0400, Don wrote:
> > Thanks all,
> > I found my error... Was in my firewall script. I wasn't logging
> > anything except ICMP special types.
> > Perhaps the ICMP rejects could be added to the "Dshield Submission
> > Confirmation Reports" as rejected? I saw log lines going in and
> > nothing being added or rejected, so I thought something was wrong
> > with the parser. I was however seeing the ICMP being rejected in
> > the Dlink logs that were submitted so perhaps it's just the Iptables
> > parser at dshield that needs the patch. :)
> Too many cycles and too much bandwidth for too little benefit IMO.
Why do you say that? Didn't Johannes in a previous post wonder how much ICMP
traffic was there? Even if it were just a count of lines rejected it would
be a good metric to have. And it would keep people from wondering (like I
did) why they were submitting several lines of log entries only to get back
that 0 lines were accepted and 0 lines were rejected.
BTW: This does work in the dlink reports which is another factor that really
I would be willing to volunteer my time to modify the iptables parser to at
least count the ICMP lines of submission... Or re-write the client
iptables.pl to ignore ICMP events altogether so it doesn't even get to the
> Multi-RBL Check: http://www.TQMcube.com/rblcheck.htm
> Kill Spam at the Source: http://www.TQMcube.com/spam_trap.htm
> Today's Spam Trap Adds: http://www.TQMcube.com/BlockedToday
> RBLDNSD HowTo: http://www.TQMcube.com/rbldnsd.htm
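The counting proposed in this message, sketched as an added example; it is not DShield's parser or the iptables.pl client. The sample lines are constructed in the kernel's iptables LOG format, and the accepted/rejected categories and reason strings are assumptions made for illustration.

```python
import re
from collections import Counter

# Constructed sample input (documentation addresses), not real submissions.
SAMPLE_LOG = """\
Jun 10 07:25:01 fw kernel: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TTL=52 PROTO=TCP SPT=40000 DPT=445 SYN
Jun 10 07:25:02 fw kernel: IN=eth0 OUT= SRC=192.0.2.11 DST=198.51.100.5 LEN=84 TTL=50 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=1
Jun 10 07:25:03 fw kernel: IN=eth0 OUT= SRC=192.0.2.12 DST=198.51.100.5 LEN=78 TTL=49 PROTO=UDP SPT=1026 DPT=137 LEN=58
Jun 10 07:25:04 fw kernel: IN=eth0 OUT= SRC=192.0.2.13 DST=198.51.100.5 LEN=56 TTL=51 PROTO=ICMP TYPE=3 CODE=3
Jun 10 07:25:05 fw sshd[812]: Accepted publickey for admin
"""

# iptables LOG lines are space-separated KEY=value pairs; values may be empty (OUT=).
FIELD = re.compile(r"\b([A-Z]+)=(\S*)")


def classify(line):
    """Return (status, reason) for one log line instead of dropping it silently."""
    fields = dict(FIELD.findall(line))
    if "SRC" not in fields or "PROTO" not in fields:
        return "rejected", "not an iptables line"
    proto = fields["PROTO"]
    if proto == "ICMP":
        # ICMP has no ports, so it is counted as rejected with its type recorded.
        return "rejected", "icmp type " + fields.get("TYPE", "?")
    if proto in ("TCP", "UDP") and "SPT" in fields and "DPT" in fields:
        return "accepted", proto.lower()
    return "rejected", "unsupported protocol " + proto


def summarize(text):
    """Count every non-empty line as accepted or rejected, with per-reason totals."""
    counts, reasons = Counter(), Counter()
    for line in text.splitlines():
        if not line.strip():
            continue
        status, reason = classify(line)
        counts[status] += 1
        reasons[reason] += 1
    return counts, reasons


if __name__ == "__main__":
    counts, reasons = summarize(SAMPLE_LOG)
    print("accepted=%d rejected=%d" % (counts["accepted"], counts["rejected"]))
    for reason, n in sorted(reasons.items()):
        print("  %-24s %d" % (reason, n))
```

With this accounting, a submission made up only of ICMP lines reports a non-zero rejected count rather than 0 accepted and 0 rejected.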