Re: IPChains leak for UDP!?
From: Alexander List (alexlist@sbox.tu-graz.ac.at)
Date: 10/31/01
- Previous message: Sebastian Ip: "Re: IPChains leak for UDP!?"
- In reply to: Sanjeev B.S.: "IPChains leak for UDP!?"
- Next in thread: Johnny Tang: "Re: IPChains leak for UDP!?"
Date: Wed, 31 Oct 2001 20:01:09 +0100 (CET)
From: Alexander List <alexlist@sbox.tu-graz.ac.at>
To: "Sanjeev B.S." <sanjeev@mbu.iisc.ernet.in>
Subject: Re: IPChains leak for UDP!?
Message-ID: <Pine.LNX.4.33.0110311957120.7620-100000@linux.babenberg.vc-graz.ac.at>
On Wed, 31 Oct 2001, Sanjeev B.S. wrote:
> But occasionally I would get some portsentry warnings, telling some port
> is getting probed. (I think all UDP only, I am not sure. Ports are
> usually 137, 138, 80, etc.)
I run iplogger and observe similar behaviour. But I think those tools are
running in promiscuous mode, so they will probably log everything kinda
"natively", analyzing packets themselves, and the packets don't have to
traverse the kernel's IP stack (and/or ipchains) to get logged. I have -l
switches on my ipchains deny rules so I see everything logged that I
actually don't want to see on my system ;-)
If I'm talking complete nonsense, someone please correct me ;-)
Alex
--
"People often think of research as a form of development -- that it's
about doing exactly what you planned, doing it on time, and doing it
with resources that you said you'd use. But if you're going to do
that, you have to know what you are doing, and if you know what you
are doing, it isn't really research."
--Dave Liddle, The New Yorker, Feb. 23/Mar.2, 1998, p84