Re: Masquerading - where are the logs ?
From:Date: 11/04/02
- Next message: Tim Pailthorpe: "Re: refused connect from root@::ffff:210.217.157.15 (::ffff:210.217.157.15)"
- Previous message: : "Re: Firewall logs-what is ppp0 PROTO=17"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 4 Nov 2002 20:30:39 -0000
run 'ipchains -M -L' this will report all MASQueraded connections.
"LinuxUser" <I_read_news@home> wrote in message
news:n3orru0hda4iq2p8i8q2pernp3mr07l3e1@4ax.com...
> On 24 Oct 2002 00:19:19 GMT, unruh@string.physics.ubc.ca (Bill Unruh)
> wrote:
>
> >Bit Twister <BitTwister@localhost.localdomain> writes:
> >
> >]On Tue, 22 Oct 2002 19:28:30 -0200, LinuxUser wrote:
> >]> I have a linux computer setup to listen to music, also to
> >]> connect to the internet. My sons computer runs windows, so I set up
> >]> masquerading with iptables on my computer, so he could browse the
> >]> internet while I listen to my music.
> >]> Out of curiosity, I did a netstat (with every option I could
> >]> think of), and my sons connection to the internet did not show up at
> >]> all !!! I "tailed" through all the logs, and nothing there. The only
> >]> thing that showed up at all was a large number of bytes under
> >]> pppstats.
> >]> That got me worried. A trojan on his computer could set up a
> >]> link to the hackers computer without my knowledge of it.
> >
> >Much more likely to set up a link to your computer, since it is what the
> >hacker sees. He does not see your son's computer except as a set of high
> >port numbers on your system.
> >
> >
> >
> >
> >]> So my question is : where do I look so I can see what
> >]> connections are passing through my box ?
> >]> If it is not logged by default, is there a console based
> >]> program that can do that for me ?
> >]> TIA
> >
> >tcpdump.
> >More info than you ever wanted.
> If I could get it to work :(
> Tried adding the "report name_of_file" option to pppd by
> editing my /etc/ppp/options or whatever file.
> But pppd refuses to connect. In my logs I get "record" is not
> a valid option to pppd.
> pppdump just interprets an already-dumped file, and I cant
> figure out how to dump the traffic "on the fly".
> I want something like windows' "netstat -an 5" plus a dumper
> for pppd traffic (if it dumped to a hex file that would be fine)
>
- Next message: Tim Pailthorpe: "Re: refused connect from root@::ffff:210.217.157.15 (::ffff:210.217.157.15)"
- Previous message: : "Re: Firewall logs-what is ppp0 PROTO=17"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
