Re: Logging atempts
balexander@sonsofthunder.yi.org wrote:
>
> On Sun, Jul 16, 2000 at 04:21:28PM +0000, Patrick Barr wrote:
> >
> > I need somebodys help on this....
> >
> > What I want to do, is run a programme that will monitor my ppp0
> > connection for any attempts from anyone to connect to a port and FAIL.
> > I am running 2.4.0 test2 (but I will soon move back to 2.2.16 when
> > potato comes out) and I dont have netfilter on, I just have hosts.deny
> > set to all:all.
>
> If you are looking to see if someone is getting through your ipchains and
> getting stopped by tcp_wrappers, you can change your hosts.deny from
> ALL: ALL to
>
> ALL: ALL: spawn ( \
> echo -e "\n\
> TCP Wrappers\: Connection refused\n\
> By\: $(uname -n)\n\
> Process\: %d (pid %p)\n\
> User\: %u\n\
> Host\: %c\n\
> Date\: $(date)\n\
> " | /bin/mail -s "Connection to %d blocked" root)
>
> This will send you an email whenever someone gets through to
> tco_wrappers.
Please consider the side effects of this: a simple DOS would
be generating a huge amount of TCP requests towards this machine
forcing the system to send an email every time. Sometimes it
can make the target unusable...
Ciao,
Mario.
Reply to: