Re: Logging unserved ports

Damon Buckwalter (damon@meta-x.net)
Tue, 08 Dec 1998 14:04:41 -0800


"David F. Newman" wrote:
>
> Hi,
> The TIS gauntlet firewall modifies the BSDi kernel
> so that when packets are received on unserved ports the
> kernel logs a security alert via syslog. That way you
> don't have to be actively scanning the network for port
> scans and can just scan your syslog instead. I looked
> through the Linux security HOWTO and couldn't find any
> mention of this. Is this possible with the Linux kernel?

There is a package called 'iplogger' (in the Debian Linux distro at
least) which logs _all_ TCP connection attempts w/ auth info, and
optionally, all ICMP packets. Its individual components are called
'tcplogd' and 'icmplogd', respectively.

I believe it does this using the Linux raw sockets interface. But
please correct me if I'm wrong. :^)

--
damon@meta-x.net -- PGP and GPG public keys at http://meta-x.net/keys/

To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/
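The detection the thread describes (a raw-socket sniffer that raises a syslog-style alert when a TCP SYN arrives for a port nothing listens on) as an added example; this is not iplogger's or tcplogd's code, and the served-port set, the packet builder and the timestamp format are assumptions made for the example.

```python
import socket
import struct
from datetime import datetime, timezone

# Ports with a live listener on this host (constructed for the example; a
# real tool would derive this from /proc/net/tcp or a bind() probe).
SERVED_PORTS = {22, 80}

TCP_SYN = 0x02
TCP_ACK = 0x10
IPPROTO_TCP = 6

def parse_ipv4_tcp(frame: bytes):
    """Parse an IPv4 packet as a Linux raw TCP socket delivers it (IP header
    included). Returns (src, dst, sport, dport, flags) or None if not TCP."""
    ihl = (frame[0] & 0x0F) * 4
    if frame[9] != IPPROTO_TCP or len(frame) < ihl + 20:
        return None
    src = socket.inet_ntoa(frame[12:16])
    dst = socket.inet_ntoa(frame[16:20])
    sport, dport = struct.unpack("!HH", frame[ihl:ihl + 4])
    flags = frame[ihl + 13]          # TCP flags byte follows the data-offset byte
    return src, dst, sport, dport, flags

def unserved_syn_alert(frame: bytes, served=SERVED_PORTS, ts=None):
    """Return a syslog-style alert for a plain SYN (not SYN/ACK, so replies to
    our own outbound connections are ignored) aimed at an unserved port."""
    parsed = parse_ipv4_tcp(frame)
    if parsed is None:
        return None
    src, dst, sport, dport, flags = parsed
    if flags & TCP_SYN and not flags & TCP_ACK and dport not in served:
        ts = ts or datetime.now(timezone.utc).strftime("%b %d %H:%M:%S")
        return f"{ts} tcplogd: connection attempt to unserved port {dport} from {src}:{sport} to {dst}"
    return None

def build_ipv4_tcp(src, dst, sport, dport, flags):
    """Construct a minimal 40-byte IPv4+TCP packet (checksums zero) for testing."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, IPPROTO_TCP, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 8192, 0, 0)
    return ip + tcp

def sniff():
    """Live loop (needs root): a SOCK_RAW/IPPROTO_TCP socket on Linux hands
    back every inbound TCP segment with its IP header."""
    s = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_TCP)
    while True:
        line = unserved_syn_alert(s.recv(65535))
        if line:
            print(line)
```

Pipe the printed lines to `logger` (or call `syslog.syslog`) to get them into syslog the way the original poster wants.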