
Re: syslog error



Thus spoke Michael Welle <m.welle@gmx.net> (Mon, 03 Oct 2005 21:18:05 +0200):
> Hello,
> 
> Richard Mittendorfer <delist@gmx.net> writes:
> > Thus spoke Michael Welle <m.welle@gmx.net> (Mon, 03 Oct 2005 17:11:10
> > +0200):
> [...]
> > If ippl works in promisc mode, it sees, among other things, UDP hits on
> > port 22 (which is dropped for TCP). Why someone would then make 661
> > attempts is another matter. Check your machine from the outside.
> hm. That doesn't help. I can trigger the behavior:
> 
> Input:
> Stella:~> date && telnet x.x.x.x 0
> Mon Oct  3 21:05:56 CEST 2005
> Trying x.x.x.x...
> telnet: Unable to connect to remote host: Connection refused
> Stella:~> date && telnet x.x.x.x 0
> Mon Oct  3 21:11:08 CEST 2005
> Trying x.x.x.x...
> telnet: Unable to connect to remote host: Connection refused
> 
> Output:
> Oct  3 21:05:56 port 0 connection attempt from x.x.x.x (x.x.x.x:40079->x.x.x.x:0)
> Oct  3 21:09:06 last message repeated 21 time(s)
> Oct  3 21:11:08 port 0 connection attempt from x.x.x.x (x.x.x.x:44632->x.x.x.x:0) 

What don't you like about this?
 
> If nobody knows anything more, I guess I'll risk a bug
> report. 

This might shed a little light on the matter:

$ apt-cache show ippl

----[...]---------------------------------------------------------------------------
Description: IP protocols logger
 writes information about incoming ICMP messages, TCP connections and
 UDP datagrams to syslog.
 .
 It is highly configurable and has a built-in DNS cache.
 .
 Please note that upstream is rather inactive lately (4-5 years), and
 that there are some rather nasty bugs.
 .
 An incomplete list of the bugs includes:
   - random packets don't get logged sometimes
   - stops logging at all after some weeks
   - ipv6 never got implemented
   - documentation is out of sync.
 .
 Trying to fix these bugs is not easy. Please do not expect the Debian
 maintainer to do this, but patches are appreciated.
 .
 Please consider using a fully-grown intrusion detection system (like
 snort) instead of ippl.
------------------------------------------------------------------------------

> Regards
> hmw

sl ritch 
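
Added example, not part of the original message or of ippl: a small Python parser that expands the "last message repeated N time(s)" lines from the quoted output into per-connection counts, so the number of entries logged for each attempt is visible. The sample addresses are documentation placeholders, and crediting N to the event line directly above is an assumption about how the logger folds repeats.

```python
import re
from collections import Counter

# Constructed sample in the shape of the log lines quoted in the thread;
# the addresses are documentation placeholders, not values from the post.
SAMPLE = """\
Oct  3 21:05:56 port 0 connection attempt from 192.0.2.10 (192.0.2.10:40079->198.51.100.5:0)
Oct  3 21:09:06 last message repeated 21 time(s)
Oct  3 21:11:08 port 0 connection attempt from 192.0.2.10 (192.0.2.10:44632->198.51.100.5:0)
"""

STAMP = r"\w{3}\s+\d+ \d\d:\d\d:\d\d "
EVENT = re.compile(STAMP + r".*connection attempt from \S+ "
                   r"\(([\d.]+):(\d+)->([\d.]+):(\d+)\)\s*$")
REPEAT = re.compile(STAMP + r"last message repeated (\d+) time(?:\(s\)|s)?\s*$")


def per_flow(text):
    """Return (Counter keyed by (src, sport, dst, dport), orphaned repeats).

    Assumption: a repeat line stands for N further copies of the event
    line directly above it, so N is credited to that event.
    """
    counts, last, orphaned = Counter(), None, 0
    for line in text.splitlines():
        m = REPEAT.match(line)
        if m:
            if last is None:          # e.g. file starts right after rotation
                orphaned += int(m.group(1))
            else:
                counts[last] += int(m.group(1))
            continue
        m = EVENT.match(line)
        if m:
            src, sport, dst, dport = m.groups()
            last = (src, int(sport), dst, int(dport))
            counts[last] += 1
        else:
            last = None               # unrelated line breaks the repeat chain
    return counts, orphaned


if __name__ == "__main__":
    flows, orphaned = per_flow(SAMPLE)
    for (src, sport, dst, dport), n in flows.items():
        print(f"{src}:{sport} -> {dst}:{dport}  logged {n}x")
    print("repeats without a preceding event:", orphaned)
```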


