Re: Logging attempts
Some comments on the topic:
On Mon, 17 Jul 2000, Florian Friesdorf wrote:
> On Mon, Jul 17, 2000 at 01:41:46AM +0200, A. Vije wrote:
> > On Sun, 16 Jul 2000, Patrick Barr wrote:
> > > What I want to do, is run a programme that will monitor my ppp0
> > > connection for any attempts from anyone to connect to a port and FAIL.
> > > I am running 2.4.0 test2 (but I will soon move back to 2.2.16 when
> > > potato comes out) and I don't have netfilter on, I just have hosts.deny
> > > set to all:all.
> > You can just cat (or tail -f for realtime stats) your syslog (tail -f
> > /var/log/syslog) for as far as I know all attempts get logged there.
> afaik you need the iplogger package installed,
> including tcplogd and icmplogd, doing exactly what their names sound like.
As far as I know: if you are running a packet filter, and that is the
reason why a connection attempt fails, then this event won't reach tcplog,
but still appears in syslog (if your filter is configured in this way).
> for 2.2.x kernels 'ipchains -I input 1 -i ppp0 -l -y -p tcp'
> will log all incoming tcp connection attempts through ppp0.
> --> 'man ipchains', for further details
If you are using your ppp hard, this rule will produce a lot of logged
data. It is more reasonable to set the packet filter to log the tcp
connections, which are REJECTed or DENYed by it. This will probably make
less logged data. Am I right?
> > Small note: Potato ships with 2.2.17pre6. (I'm looking forward to it .. :)
Will potato really ship with a pre-kernel? In this case why not
patch-2.4.0-test4? (I know that this mailing list is not dedicated to
questions like this)
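
Added example (not part of the original message or thread): one way to pull only the failed TCP connection attempts on ppp0 out of syslog once the packet filter logs what it DENYs or REJECTs. It assumes the 2.2.x ipchains "Packet log:" line format and that the blocking rules carry `-l`; the sample lines are constructed and the function name is hypothetical.

```python
import re
from collections import Counter

# Constructed sample syslog lines in the assumed ipchains "Packet log:" format
# (documentation-range addresses; not taken from the thread).
SAMPLE = """\
Jul 17 02:10:01 host kernel: Packet log: input DENY ppp0 PROTO=6 192.0.2.10:1045 198.51.100.5:23 L=60 S=0x00 I=4211 F=0x4000 T=52 SYN (#3)
Jul 17 02:10:04 host kernel: Packet log: input DENY ppp0 PROTO=6 192.0.2.10:1046 198.51.100.5:111 L=60 S=0x00 I=4212 F=0x4000 T=52 SYN (#3)
Jul 17 02:11:30 host kernel: Packet log: input ACCEPT ppp0 PROTO=6 203.0.113.7:2001 198.51.100.5:25 L=60 S=0x00 I=977 F=0x4000 T=49 SYN (#1)
Jul 17 02:12:15 host kernel: Packet log: input REJECT ppp0 PROTO=6 203.0.113.7:2002 198.51.100.5:23 L=60 S=0x00 I=978 F=0x4000 T=49 SYN (#4)
Jul 17 02:12:16 host kernel: Packet log: input DENY eth0 PROTO=17 192.0.2.99:53 198.51.100.5:1025 L=34 S=0x00 I=18 F=0x0000 T=254 (#5)
Jul 17 02:13:00 host pppd[212]: rcvd [LCP EchoReq id=0x1]
"""

# chain, action, interface, protocol number, src:port, dst:port, then the rest
LINE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<action>\S+) (?P<iface>\S+) "
    r"PROTO=(?P<proto>\d+) (?P<src>[\d.]+):(?P<sport>\d+) "
    r"(?P<dst>[\d.]+):(?P<dport>\d+)(?P<rest>.*)"
)


def failed_tcp_attempts(log_text, iface="ppp0"):
    """Count blocked TCP SYNs on iface, keyed by (source address, dest port)."""
    hits = Counter()
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # not an ipchains packet log line (e.g. pppd chatter)
        if m["iface"] != iface or m["proto"] != "6":
            continue  # other interface, or not TCP (protocol 6)
        if m["action"] not in ("DENY", "REJECT"):
            continue  # accepted connections are not failed attempts
        if "SYN" not in m["rest"].split():
            continue  # only connection-opening packets
        hits[(m["src"], int(m["dport"]))] += 1
    return hits


if __name__ == "__main__":
    for (src, dport), n in sorted(failed_tcp_attempts(SAMPLE).items()):
        print(f"{src} -> port {dport}: {n} blocked attempt(s)")
```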