Re: Logging unserved ports

Kevin Fenzi (kevin@scrye.com)
08 Dec 1998 15:25:55 -0700


>>>>> "David" == David F Newman <buzzwang@agamemnon.ourvillage.com> writes:

David> Hi,
David> The TIS gauntlet firewall modifies the BSDi kernel
David> so that when packets are received on unserved ports the kernel
David> logs a security alert via syslog. That way you don't have to
David> be actively scanning the network for port scans and can just
David> scan your syslog instead. I looked through the Linux security
David> HOWTO and couldn't find any mention of this. Is this possible
David> with the Linux kernel?

No need to modify the kernel...

see 'man ipfwadm' for 2.0.x
or
'man ipchains' for 2.1.x

Basically just set up a rule (or chain) to deny (and log) access to all
the ports you are interested in. Note that this might make your logs
really big.

I will see about adding something about this to the security HOWTO...

kevin

-- 
Kevin Fenzi
kevin@scrye.com
http://scrye.com/~kevin/

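An added example (not part of Kevin's message or the HOWTO) of what "deny and log" looks like for the two kernels he names, plus a small awk summary for reading the resulting syslog lines the way David wanted. It assumes the ipchains (2.1.x/2.2) and ipfwadm (2.0.x) command syntax, that the listed ports have no listening service, and that the kernel writes ipchains entries in the "Packet log:" format; the log lines below are constructed, not captured traffic. The script only prints the rule commands; applying them is a root job.

```shell
#!/bin/sh
# Added example: deny-and-log rules for unserved TCP ports, and a summary of
# the kernel's "Packet log:" lines so a host probing many closed ports stands
# out without running a network scanner. Assumed ipchains/ipfwadm syntax.

# Emit ipchains commands (2.1.x/2.2): DENY incoming TCP SYNs (-y) to each port
# and log them (-l). Ports are given as arguments, e.g. 21 23 111.
ipchains_rules() {
    for port in "$@"; do
        printf 'ipchains -A input -p tcp -y -d 0.0.0.0/0 %s -j DENY -l\n' "$port"
    done
}

# Same for ipfwadm (2.0.x): -o turns on kernel logging of matching packets.
ipfwadm_rules() {
    for port in "$@"; do
        printf 'ipfwadm -I -a deny -P tcp -y -D 0.0.0.0/0 %s -o\n' "$port"
    done
}

# Read "Packet log:" lines on stdin and print "<source host> <distinct closed
# ports touched>", one host per line. The src and dst fields follow PROTO=.
summarize_packet_log() {
    awk '/Packet log:/ {
        for (i = 1; i <= NF; i++) if ($i ~ /^PROTO=/) { src = $(i+1); dst = $(i+2) }
        split(src, s, ":"); split(dst, d, ":")
        key = s[1] SUBSEP d[2]
        if (!(key in seen)) { seen[key] = 1; ports[s[1]]++ }
    }
    END { for (h in ports) print h, ports[h] }' | sort
}

# Constructed sample syslog lines in the ipchains log format (not real traffic):
# 10.1.1.5 hits ports 23, 21 and 23 again; 10.1.1.9 hits port 23 once.
SAMPLE_LOG='Dec  8 15:25:55 fw kernel: Packet log: input DENY eth0 PROTO=6 10.1.1.5:40001 192.0.2.10:23 L=60 S=0x00 I=1 F=0x4000 T=64 SYN (#1)
Dec  8 15:25:56 fw kernel: Packet log: input DENY eth0 PROTO=6 10.1.1.5:40002 192.0.2.10:21 L=60 S=0x00 I=2 F=0x4000 T=64 SYN (#2)
Dec  8 15:25:57 fw kernel: Packet log: input DENY eth0 PROTO=6 10.1.1.5:40003 192.0.2.10:23 L=60 S=0x00 I=3 F=0x4000 T=64 SYN (#1)
Dec  8 15:26:01 fw kernel: Packet log: input DENY eth0 PROTO=6 10.1.1.9:51000 192.0.2.10:23 L=60 S=0x00 I=4 F=0x4000 T=64 SYN (#1)'

# Usage: print the rules for a few closed ports, then summarize the sample log.
ipchains_rules 21 23 111
ipfwadm_rules 21 23 111
printf '%s\n' "$SAMPLE_LOG" | summarize_packet_log
```

The summary counts distinct destination ports per source rather than raw lines, which is what matters once the log gets big: one host touching many closed ports is a scan, a hundred retries against one port usually is not. Neither ipchains nor ipfwadm rate-limits log output, so keep the port list to ports you actually care about, as the message above warns.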
- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/