Re: [PATCH] ip_fragment.c and related, kernel 2.0.34 - Allows , teardrop/IP fragmentation logging.

david (david@kalifornia.com)
Sat, 19 Sep 1998 14:55:03 -0700


Reply to mail from Tristan Greaves about [PATCH] ip_fragment.c and related, kernel 2.0.34 - Allows , teardrop/IP fragmentation logging.
-----------------
> teardrop/IP fragmentation logging patch

the reason why logging extra info on this has not been implemented before
is because just about all exploits use spoofed src addresses. that makes
logging the 'attacker' ips fairly useless to the admin and quite useful to
the attacker because you're adding to the attack by flooding your log
files.

for all intents and purposes, logging the source of the attack is
generally worthless.

frustrated prepubescent heck..might as well say it..idiots, don't
comprehend that if your machine doesn't die with a couple of packets,
5,000 of them aren't going to crash it either. they simply increase the
attack number expecting linux to keel over and die like m$.

so generally, instead of logging 'bad packet', you're logging 'bad packet
from this boogie man' which basically just adds effectiveness to the
attack by consuming cpu and drive space.

your patch appears to only incorporate a printk -without- the NETDEBUG
wrapper. this means you will print a message to syslog for -every- bad
packet, and it will not have "msg repeated x times" :(

please visit linuxhq.com and review some of the patches there that are very
similar to yours. some incorporate the NETDEBUG wrapper, some don't.

if you'll look at the line just before your patch, you can see how
NETDEBUG(...) is incorporated. you may find that useful in your future
applications.

-d

-- 
Look, Windows 98  Buy, lemmings, buy!  MCSE, Must Consult Someone Experienced
(c) 1998 David Ford.  Redistribution via the Microsoft Network is prohibited.
 for linux-kernel: please read linux/Documentation/* before posting problems
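
Added illustration, not part of the original message and not the kernel's NETDEBUG code: a user-space C sketch of rate-limited logging, which keeps a flood of bad fragments from filling the log by counting suppressed events instead of writing one line per packet. The struct, the function names and the tick values are hypothetical, and the events are constructed.

```c
#include <stdio.h>

/* Token-bucket limiter for one noisy log site (all names hypothetical). */
struct log_limit {
    unsigned long interval;   /* ticks needed to earn one token */
    unsigned long burst;      /* most tokens that can accumulate */
    unsigned long tokens;     /* log lines currently allowed */
    unsigned long last;       /* tick of the last refill */
    unsigned long suppressed; /* events dropped since the last line */
};

/* Returns 1 if the caller may log now, 0 if the event is only counted.
 * On 1, *missed holds how many events were dropped since the last line. */
static int log_allow(struct log_limit *l, unsigned long now, unsigned long *missed)
{
    unsigned long earned = (now - l->last) / l->interval;
    if (earned) {
        /* Refill, capped at burst; keep the remainder of the interval. */
        l->tokens = (earned >= l->burst - l->tokens) ? l->burst : l->tokens + earned;
        l->last += earned * l->interval;
    }
    if (l->tokens == 0) { l->suppressed++; return 0; }
    l->tokens--;
    *missed = l->suppressed;
    l->suppressed = 0;
    return 1;
}

/* Feed n constructed bad-fragment events, one per tick starting at t0.
 * Returns the number of log lines written. No source address is logged. */
static unsigned long flood(struct log_limit *l, unsigned long t0, unsigned long n, int verbose)
{
    unsigned long emitted = 0, missed = 0, i;
    for (i = 0; i < n; i++) {
        if (!log_allow(l, t0 + i, &missed))
            continue;
        emitted++;
        if (verbose)
            printf("tick %lu: bad IP fragment (%lu suppressed)\n", t0 + i, missed);
    }
    return emitted;
}

int main(void)
{
    struct log_limit l = { 100, 5, 5, 0, 0 }; /* 1 line per 100 ticks, burst of 5 */
    printf("%lu lines for 5000 events\n", flood(&l, 0, 5000, 1));
    return 0;
}
```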
