Re: cleaning up my firewall script...

To: Bjoern Schmidt <bj-schmidt@uni-paderborn.de>, debian-firewall@lists.debian.org
Subject: Re: cleaning up my firewall script...
From: Mike Mestnik <cheako911@yahoo.com>
Date: Mon, 9 Feb 2004 12:38:41 -0800 (PST)
Message-id: <[🔎] 20040209203841.64922.qmail@web11905.mail.yahoo.com>
In-reply-to: <[🔎] 4027E66B.2090209@uni-paderborn.de>

I think tcpdump may be the way to go then.  Try first with 
iptraf, as it's not so low level.  Both of these are network
packet sniffers and are a must have for any fierwall.

--- Bjoern Schmidt <bj-schmidt@uni-paderborn.de> wrote:
> Mike Mestnik wrote:
> > IIRC you can pass logs to any facility and level, even making up your own.  Then you add
> something
> > like...
> > # in /etc/syslog.conf
> > myfacility.*      /var/log/netjunk.log
> 
> For this i can use the ULOG target, but you asked for the whole
> packet...
> 
> > 
> > --- Bjoern Schmidt <bj-schmidt@uni-paderborn.de> wrote:
> > 
> >>Mike Mestnik wrote:
> >>
> >>>That's surprising...
> >>>It could be pkts from a non IP interface(maby your loopback?) or from a non IP protocol? 
> Even
> >>
> >>so
> >>
> >>>they should have been caught by your blank rule.  This would seam like a problem, one that
> >>
> >>could
> >>
> >>>be explotable.  See if you can catch the pkts in question with tcpdump or the like, that
> might
> >>
> >>be
> >>
> >>>helpfull.
> >>>
> >>
> >>
> >>Is there any netfilter target which redirects packets into one or more
> >>files? An existing FILELOGGER target would be great:
> >>
> >>iptables -P INPUT -j FILELOGGER --d-folder /slippedpackets/
> >>
> >>Then i could change the chain policy to save these packets in an easier
> >>way than using tcpdump...
> >>
> >>-- 
> >>Greetings
> >>Bjoern Schmidt
> >>
> >>
> >>
> >>-- 
> >>To UNSUBSCRIBE, email to debian-firewall-request@lists.debian.org
> >>with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
> >>
> > 
> > 
> > 
> > __________________________________
> > Do you Yahoo!?
> > Yahoo! Finance: Get your refund fast by filing online.
> > http://taxes.yahoo.com/filing.html
> > 
> > 
> 
> 
> -- 
> Mit freundlichen Gruessen
> Bjoern Schmidt
> 
> 
> 
> -- 
> To UNSUBSCRIBE, email to debian-firewall-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
> 


__________________________________
Do you Yahoo!?
Yahoo! Finance: Get your refund fast by filing online.
http://taxes.yahoo.com/filing.html

Reply to:

References:
- Re: cleaning up my firewall script...
  - From: Bjoern Schmidt <bj-schmidt@uni-paderborn.de>

Prev by Date: Re: Writing rules based on program emitting/receiving paquet
Next by Date: Looking for that netfilter filter for regex application identification.
Previous by thread: Re: cleaning up my firewall script...
Next by thread: Re: cleaning up my firewall script...
Index(es):
- Date
- Thread