Where are "Log AttacLog" emails coming from...

To: debian-user@lists.debian.org
Subject: Where are "Log AttacLog" emails coming from...
From: Hose <subscriptions@bluemaggottowel.com>
Date: Sat, 12 Apr 2008 09:24:30 -0500
Message-id: <[🔎] F631C4CB-1DB4-4E7D-9395-28615E2D0574@bluemaggottowel.com>

I have inherited the lovely duty of admin'ing a production serverrunning Etch. It's all very straightforward except for a phantominstalled package that is spitting out snort-esque emails to rootabout perceived ongoing attacks. Unfortunately the only one it everseems to complain about is the "TearDrop Attack" which it really isn't(it's just a strange network topology combined with some OS X usersusing Bonjour). I am constantly getting emails with the subject line


Log AttackLog(from: [ip])

Followed by the relevant lines from some mysterious log file that Ican't find. Googling only shows that apparently whatever this packageis is also used on various firewall and router devices/firmwares, asthey also send out similar emails. I've dug through dpkg's installedpackage list and even gutted out some log notifications packages, butfor the love of god, I can't seem to hit the right one. Does anyoneknow which package this is? Either so I can edit its detectionruleset or destroy it utterly...


hose

Reply to:

Follow-Ups:
- Re: Where are "Log AttacLog" emails coming from...
  - From: NN_il_Confusionario <pinkof.pallus@tiscalinet.it>

Prev by Date: Is there away to hide the incoming mail when sending mails to this maling list ?
Next by Date: Re: [Totally OT] Re: Hmmm. A question. Was [Re: Debian is losing its users]
Previous by thread: Re: Is there away to hide the incoming mail when sending mails to this maling list ?
Next by thread: Re: Where are "Log AttacLog" emails coming from...
Index(es):
- Date
- Thread