Re: Logging unserved ports

Ben Collins (bmc@it.larc.nasa.gov)
Tue, 8 Dec 1998 17:30:52 -0500


On Tue, Dec 08, 1998 at 11:50:32AM -0500, David F. Newman wrote:
> Hi,
> The TIS gauntlet firewall modifies the BSDi kernel
> so that when packets are received on unserved ports the
> kernel logs a security alert via syslog. That way you
> don't have to be actively scanning the network for port
> scans and can just scan your syslog instead. I looked
> through the Linux security HOWTO and couldn't find any
> mention of this. Is this possible with the Linux kernel?

There is a package called iplogger that comes with tcplogd, udplogd, and I
think icmplogd. All of these use a passive detection method, which is what
you are talking about. They then log via syslog. I don't think they are
very configurable about which ports they log, so you may have to grep
through.

-- 
-----    -- - -------- --------- ----  -------  -----  - - ---   --------
Ben Collins <b.m.collins@larc.nasa.gov>                  Debian GNU/Linux
UnixGroup Admin - Jordan Systems Inc.                 bcollins@debian.org
------ -- ----- - - -------   ------- -- The Choice of the GNU Generation

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/
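As an added illustration of the approach described in the reply above (this is not code from the thread or from the iplogger package): once tcplogd/udplogd hits land in syslog, a short script can do the grepping and flag sources that touch many unserved ports within a short window. The log line format, the host name and the sample lines are constructed assumptions; adjust LINE_RE to whatever your daemons actually write.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
# Constructed sample lines in an ASSUMED tcplogd/udplogd-like format; adjust LINE_RE to your real logs.
SAMPLE_SYSLOG = """\
Dec  8 17:30:01 fw tcplogd: port 23 connection attempt from 192.0.2.10
Dec  8 17:30:02 fw tcplogd: port 25 connection attempt from 192.0.2.10
Dec  8 17:30:02 fw tcplogd: port 110 connection attempt from 192.0.2.10
Dec  8 17:30:03 fw tcplogd: port 143 connection attempt from 192.0.2.10
Dec  8 17:30:03 fw udplogd: port 161 packet from 192.0.2.10
Dec  8 17:30:04 fw tcplogd: port 22 connection attempt from 192.0.2.10
Dec  8 17:35:00 fw tcplogd: port 80 connection attempt from 198.51.100.7
Dec  8 17:40:00 fw sshd: unrelated message that must be ignored
Dec  8 17:50:00 fw tcplogd: port 21 connection attempt from 192.0.2.10
"""
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ (?P<prog>tcplogd|udplogd): "
    r"port (?P<port>\d+) .* from (?P<src>\d+\.\d+\.\d+\.\d+)$"
)

def parse_events(text, year=1998):
    """Return sorted (timestamp, src, proto, port) tuples; other syslog lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # no need to grep by hand: the regex does the filtering
        ts = datetime.strptime(m["ts"], "%b %d %H:%M:%S").replace(year=year)
        proto = "tcp" if m["prog"] == "tcplogd" else "udp"
        events.append((ts, m["src"], proto, int(m["port"])))
    return sorted(events)

def detect_scans(events, min_ports=5, window=timedelta(seconds=60)):
    """Map each source that hit >= min_ports distinct ports within one window to its peak count."""
    by_src = defaultdict(list)
    for ts, src, proto, port in events:
        by_src[src].append((ts, (proto, port)))
    scanners = {}
    for src, hits in by_src.items():
        start, best = 0, 0
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > window:
                start += 1  # slide the window past hits that are too old
            best = max(best, len({p for _, p in hits[start:end + 1]}))
        if best >= min_ports:
            scanners[src] = best
    return scanners

if __name__ == "__main__":
    for src, n in detect_scans(parse_events(SAMPLE_SYSLOG)).items():
        print(f"possible port scan from {src}: {n} distinct ports within 60s")
```

Feeding it the real syslog file instead of SAMPLE_SYSLOG turns the "grep through" step into a per-source summary; tune min_ports and window to the noise level of your network.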