On Fri, Jul 21, 2000 at 03:17:51PM +0200, Mario Scarpa wrote:
> balexander@sonsofthunder.yi.org wrote:
> >
> > On Sun, Jul 16, 2000 at 04:21:28PM +0000, Patrick Barr wrote:
> > >
> > > I need somebody's help on this....
> > >
> > > What I want to do, is run a programme that will monitor my ppp0
> > > connection for any attempts from anyone to connect to a port and FAIL.
> > > I am running 2.4.0 test2 (but I will soon move back to 2.2.16 when
> > > potato comes out) and I don't have netfilter on, I just have hosts.deny
> > > set to all:all.
> >
> > If you are looking to see if someone is getting through your ipchains and
> > getting stopped by tcp_wrappers, you can change your hosts.deny from
> > ALL: ALL to
> >
> > ALL: ALL: spawn ( \
> > echo -e "\n\
> > TCP Wrappers\: Connection refused\n\
> > By\: $(uname -n)\n\
> > Process\: %d (pid %p)\n\
> > User\: %u\n\
> > Host\: %c\n\
> > Date\: $(date)\n\
> > " | /bin/mail -s "Connection to %d blocked" root)
> >
> > This will send you an email whenever someone gets through to
> > tcp_wrappers.
>
> Please consider the side effects of this: a simple DOS would
> be generating a huge amount of TCP requests towards this machine
> forcing the system to send an email every time. Sometimes it
> can make the target unusable...

True, but if you have a good set of ipchains scripts, you will very rarely
see messages from tcpd, because theoretically the only things that are
getting through your firewall script are authorized traffic. This setup
should only trigger in the case of a hole in your firewall rules, and there
are definitely worse ways to find out about that...:-)

And just for the record, I use PeterW's firewall script. He wrote the rules
for Bastille Linux, but you can get the firewall rules as a standalone
script at http://www.tux.org/~peterw.

--
--Brad
============================================================================
Bradley M. Alexander                       |  Co-Chairman,
Beowulf System Admin/Security Specialist   |  NoVALUG/DCLUG Security SIG
Winstar Telecom                            |  balexander@winstar.com
(703) 889-1049                             |  storm@tux.org
============================================================================
Cats are smarter than dogs. You can't make eight cats pull a sled through
the snow.
Attachment:
pgpd0ly29v3P3.pgp
Description: PGP signature
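The thread leaves two points unresolved: Mario's concern that a per-connection `| /bin/mail` spawn turns a connection flood into a mail flood, and Brad's point that the alert is still worth having when something slips past the ipchains rules. The script below is an added example written for this archive page, not code posted by anyone in the thread or shipped with TCP Wrappers. It assumes a hypothetical hosts.deny line `ALL: ALL: spawn /usr/local/sbin/tcpd-notify %d %p %u %c` (the `%d`, `%p`, `%u`, `%c` expansions are the same ones used in the quoted spawn), a state directory that tcpd's spawned shell can write to, and the `TCPD_NOTIFY_*` environment variable names, all of which are assumptions of this example. Every refusal is appended to a local log, but at most one mail goes out per window, carrying a count of the refusals seen since the previous mail, so the alert survives while the per-connection mail amplification does not.

```shell
#!/bin/sh
# tcpd-notify: rate-limited replacement for a per-connection "| /bin/mail" spawn.
# Added example for this thread, not a poster's code. Hypothetical hosts.deny line:
#   ALL: ALL: spawn /usr/local/sbin/tcpd-notify %d %p %u %c
# %d, %p, %u and %c are tcpd's daemon, pid, user and client expansions.
# Every refusal is appended to a local log; at most one mail is sent per WINDOW
# seconds, and that mail carries the number of refusals since the previous one.

STATE_DIR="${TCPD_NOTIFY_STATE:-/var/run/tcpd-notify}"  # assumed writable by the spawned shell
WINDOW="${TCPD_NOTIFY_WINDOW:-600}"                       # seconds between mails (assumption)
MAILTO="${TCPD_NOTIFY_MAILTO:-root}"                      # empty string disables mail

# Number of refusals recorded since the last mail went out.
tcpd_pending() {
    if [ -f "$STATE_DIR/count" ]; then cat "$STATE_DIR/count"; else echo 0; fi
}

# Send one summary mail, or fall back to stderr when mail is unavailable or disabled.
tcpd_deliver() {
    daemon=$1; client=$2; n=$3
    msg="TCP Wrappers: connection refused on $(uname -n)
Latest: $daemon from $client
Refusals since last report: $n"
    if [ -n "$MAILTO" ] && command -v mail >/dev/null 2>&1; then
        printf '%s\n' "$msg" | mail -s "tcpd: $n refused connection(s)" "$MAILTO" || :
    else
        printf '%s\n' "$msg" >&2
    fi
}

# Record one refusal. Returns 0 if a mail was sent for this window, 1 if suppressed.
tcpd_notify() {
    daemon=$1; pid=$2; user=$3; client=$4
    now=$(date +%s)
    mkdir -p "$STATE_DIR" || return 2
    # Every refusal leaves an audit line, flood or not.
    printf '%s refused %s pid=%s user=%s client=%s\n' \
        "$now" "$daemon" "$pid" "$user" "$client" >> "$STATE_DIR/refused.log"
    last=0
    if [ -f "$STATE_DIR/last_mail" ]; then last=$(cat "$STATE_DIR/last_mail"); fi
    n=$(( $(tcpd_pending) + 1 ))
    if [ $((now - last)) -ge "$WINDOW" ]; then
        # First refusal of a new window: report now, including everything suppressed so far.
        tcpd_deliver "$daemon" "$client" "$n"
        echo "$now" > "$STATE_DIR/last_mail"
        echo 0 > "$STATE_DIR/count"
        return 0
    fi
    echo "$n" > "$STATE_DIR/count"
    return 1
}

# Only act when invoked by tcpd with the four spawn arguments.
if [ $# -eq 4 ]; then
    tcpd_notify "$@"
fi
```

The per-refusal log line is the part that matters for detection: a flood that is suppressed from mail still shows up as a burst of lines in `refused.log`, and the single summary mail tells you how large the burst was. Keeping the state directory on local disk and small avoids turning the notifier itself into the resource that a flood exhausts.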