[Gllug] Iplog

t.clarke tim at seacon.co.uk
Thu Aug 16 15:14:04 UTC 2001


---------------------------------------
Message from:-
Tim Clarke  (tim at seacon.co.uk)
Seacon Holdings plc Group, London, U.K.
Telephone: +44 (0)1474 320000
      Fax: +44 (0)1474 329946
---------------------------------------

Darren wrote:-
>Does anyone use iplog?  Looks like a good program for
>improving knowledge of scans, however I can't get it to print
>output to screen or disk when detecting any scans.  This is
>on Redhat 7.1 and iplog-2.2.3-fr1.

I am using iplog on Redhat with kernel 2.2.19 with no problems.
I am about to port it to Redhat 7.1; I will let you know if it works in due
course.

The iplog I am using is version 2.2.1, which is older.
I am guessing that iplog has to be 'in step' somehow with the kernel in use;
this may be the problem, I don't know.  If you are using a Redhat-installed
RPMS version then it ought to work.  Another thing that may be worth looking
at is whether your kernel is running ipchains in 'compatibility' mode, or
iptables.

Meantime, the following is my iplog config on the 2.2.19 kernel, if it
helps at all:-

user nobody
group nobody
logfile /var/log/iplog
interface eth1
set frag true
set smurf true
set bogus true
set fin_scan true
set udp_scan true
set portscan true
set xmas_scan true
set null_scan true
set ping_flood true
set traceroute true
ignore tcp dport 80
ignore tcp dport 25
ignore tcp sport 53
ignore tcp dport 113
ignore tcp dport 137
ignore udp sport 53
ignore udp dport 137
ignore icmp type unreach
ignore icmp type echo
log tcp
log udp

-- 
Gllug mailing list  -  Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug
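To make clear what the `set fin_scan` / `set xmas_scan` / `set null_scan` and `ignore` lines in Tim's config actually ask iplog to do, here is an added example that is not part of the original message and not iplog's own code. It parses the same `set` / `ignore` / `log` config syntax, then classifies a handful of constructed sample packets the way those three options describe (a TCP segment with no flags, with only FIN, or with FIN+PSH+URG as `nmap -sX` sends), honouring the `ignore` rules first. The `Packet` tuple, the flag constants and the sample packets are assumptions made for illustration; real iplog reads packets from libpcap and applies rate thresholds to several of its checks, which this per-packet classifier does not model.

```python
"""Toy classifier for the fin_scan / xmas_scan / null_scan checks enabled in
the iplog config above.  Added example, not iplog's own code."""
from dataclasses import dataclass, field

# Assumption: a subset of the config from the message, in iplog's own syntax.
CONFIG = """\
set fin_scan true
set xmas_scan true
set null_scan true
ignore tcp dport 80
ignore tcp dport 25
ignore tcp sport 53
ignore tcp dport 113
ignore udp sport 53
ignore icmp type echo
log tcp
log udp
"""

# TCP flag bits as they appear in the TCP header flags byte.
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20


@dataclass
class Packet:                 # assumed minimal packet shape for this example
    proto: str                # "tcp", "udp" or "icmp"
    sport: int = 0
    dport: int = 0
    flags: int = 0            # TCP flag bits (see constants above)
    icmp_type: str = ""       # e.g. "echo", "unreach"


@dataclass
class Config:
    options: dict = field(default_factory=dict)  # set <name> true|false
    ignores: list = field(default_factory=list)  # (proto, field, value)
    log: set = field(default_factory=set)        # protocols to log


def parse_config(text):
    """Parse set/ignore/log lines; comments start with '#'."""
    cfg = Config()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        words = line.split()
        if words[0] == "set" and len(words) == 3:
            cfg.options[words[1]] = words[2].lower() == "true"
        elif words[0] == "ignore" and len(words) == 4:
            cfg.ignores.append((words[1], words[2], words[3]))
        elif words[0] == "log" and len(words) == 2:
            cfg.log.add(words[1])
        else:
            raise ValueError("unrecognised config line: %r" % raw)
    return cfg


def is_ignored(cfg, pkt):
    """True if any 'ignore' rule matches this packet's protocol and port/type."""
    for proto, fld, val in cfg.ignores:
        if proto != pkt.proto:
            continue
        if fld == "dport" and pkt.dport == int(val):
            return True
        if fld == "sport" and pkt.sport == int(val):
            return True
        if fld == "type" and pkt.icmp_type == val:
            return True
    return False


def classify(cfg, pkt):
    """Return the scan name for a TCP probe, or None for ordinary/ignored traffic."""
    if pkt.proto != "tcp" or is_ignored(cfg, pkt):
        return None
    f = pkt.flags
    if f == 0 and cfg.options.get("null_scan"):
        return "null_scan"                     # no flags set at all
    if f == FIN and cfg.options.get("fin_scan"):
        return "fin_scan"                      # lone FIN, no ACK
    if f & FIN and f & PSH and f & URG and cfg.options.get("xmas_scan"):
        return "xmas_scan"                     # FIN+PSH+URG "christmas tree"
    return None


# Constructed sample traffic for this example.
SAMPLE_PACKETS = [
    Packet("tcp", sport=40000, dport=22, flags=0),               # null probe
    Packet("tcp", sport=40001, dport=22, flags=FIN),             # FIN probe
    Packet("tcp", sport=40002, dport=22, flags=FIN | PSH | URG), # Xmas probe
    Packet("tcp", sport=40003, dport=80, flags=0),               # ignored: dport 80
    Packet("tcp", sport=40004, dport=22, flags=SYN),             # normal connect
    Packet("icmp", icmp_type="echo"),                            # ignored: icmp echo
]


def scan_report(cfg, packets):
    """List (dport, scan_name) for every packet the config would flag."""
    hits = []
    for p in packets:
        name = classify(cfg, p)
        if name:
            hits.append((p.dport, name))
    return hits


if __name__ == "__main__":
    for dport, name in scan_report(parse_config(CONFIG), SAMPLE_PACKETS):
        print("%-10s -> dport %d" % (name, dport))
```

Note that the `ignore tcp dport 80` rule is applied before the scan check, so a null-flag probe aimed at port 80 is dropped silently; if you are testing iplog by scanning a host and see no output, check that the port you are probing is not covered by one of your own `ignore` lines.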