[Gllug] Detecting attempts to contact another machine and actingon them
Richard Cottrill
richard_c at tpg.com.au
Mon Mar 12 17:35:45 UTC 2007
> From: gllug-bounces at gllug.org.uk
> [mailto:gllug-bounces at gllug.org.uk] On Behalf Of salsaman
> Sent: 12 March 2007 17:33
<SNIP>
> Another suggestion : set up iptables to log any packets with
> destination IP of the other machine. Then just monitor the
> size of the log file.
In essence this seems to boil down to whether or not the Slug can be
configured as a router/proxy. If the Slug is a router/proxy then detect the
attempt to contact The Big Machine (TBM) and switch it on. Otherwise go for
a variously smart passive traffic capture techniques and then turn on TBM.
<out on a limb>
This seems to hinge on TBM starting up in a relatively sensible time
(shorter than a TCP/application-level timeout) - which is not often my
experience. Unless TBM starts servicing requests in a timely manner, this
becomes a version of port knocking; which isn't bad, but I'm not sure it's
what you had in mind in the first place.
I don't doubt you have a long list of tips and tricks for cutting boot times
to a bare minimum though :)
</out on a limb>
Richard
-------------- next part --------------
--
Gllug mailing list - Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
More information about the GLLUG
mailing list