Re: Logging unserved ports

Gavin M. Roy (gmr@nextpath.com)
Wed, 09 Dec 1998 23:53:33 +0000


I haven't caught the whole thread but if I get the gist... I use a
package to do this called Abacus Sentry, and it works great. Should be
able to find it via any search engine. It's OSS.

Gavin

Andi Kleen wrote:
>
> In muc.lists.linux-kernel, you wrote:
> >Hi,
> > The TIS gauntlet firewall modifies the BSDi kernel
> >so that when packets are received on unserved ports the
> >kernel logs a security alert via syslog. That way you
> >don't have to be actively scanning the network for port
> >scans and can just scan your syslog instead. I looked
> >through the Linux security HOWTO and couldn't find any
> >mention of this. Is this possible with the Linux kernel?
>
> Sure. Just add a logging firewall rule for the unused port range(s).
> But be careful, the standard firewall does no load limiting for
> firewall logs, so an attacker might easily fill up your logging
> disk.
>
> -Andi
>
> -
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to majordomo@vger.rutgers.edu
> Please read the FAQ at http://www.tux.org/lkml/

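
The load-limiting caveat in the quoted reply, as an added example that is not part of the original messages: a token-bucket limiter that caps how many "hit on unserved port" records reach the log and collapses the rest into one summary line. The record format, the names `TokenBucket` and `limit_log`, the rate and burst values, and the sample data are all constructed assumptions.

```python
import re

# Constructed record format (an assumption, not a real kernel log format).
LINE_RE = re.compile(r"^(\d+) SRC=(\S+) DPT=(\d+)$")


class TokenBucket:
    """Allow `burst` events at once, then `rate` events per second."""

    def __init__(self, rate, burst):
        self.rate = rate
        self.burst = burst
        self.tokens = float(burst)
        self.last = None

    def allow(self, now):
        if self.last is not None:
            # Refill for the elapsed time, never above the burst size.
            refill = (now - self.last) * self.rate
            self.tokens = min(self.burst, self.tokens + refill)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


def limit_log(lines, rate=1.0, burst=5):
    """Return (kept_lines, still_suppressed) for a stream of hit records."""
    bucket = TokenBucket(rate, burst)
    kept, suppressed = [], 0
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # ignore anything that is not a hit record
        ts = int(m.group(1))
        if bucket.allow(ts):
            if suppressed:
                # One summary line replaces the whole suppressed run.
                kept.append(f"{ts} suppressed {suppressed} similar messages")
                suppressed = 0
            kept.append(line)
        else:
            suppressed += 1
    return kept, suppressed


# Constructed sample: 1000 probes within one second, one more 10 s later.
SAMPLE = [f"100 SRC=192.0.2.7 DPT={p}" for p in range(1024, 2024)]
SAMPLE.append("110 SRC=192.0.2.7 DPT=6000")
```

With the defaults, the 1001 sample records become 7 log lines, so a flood of probes costs a bounded amount of disk while the scan itself is still recorded.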