Re: How to Log OUTGOING Packets w/ IPCHAINS
From: David (thunderbolt01@netscape.net)
Date: 12/31/02
From: David <thunderbolt01@netscape.net> Date: Tue, 31 Dec 2002 16:41:59 GMT
Ted Smith wrote:
> Hello. My ISP tells me that my server periodically gets attacked and
> pumps out about 30MB/sec of traffic.. I have bastille and pmfirewall
> running, but those are only logging blocked outgoing packets. How
> would I go about detecting the outgoing packets to figure out what is
> causing this problem? Thanks a lot!
Run "snort" or "tcpdump"
tcpdump -i eth0 -s 1500 -v -n -w /path/to/somefile
# this will log output to "somefile"
-- 
Confucius: He who play in root, eventually kill tree.
Registered with the Linux Counter. http://counter.li.org
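A capture written by the `tcpdump -w` command above can be summarised per outbound flow to see which local port is sending the traffic. The following is an added example, not part of the original post: it reads the classic pcap format with the Python standard library only, assumes an Ethernet capture (as from eth0), and every function name, address and the sample capture is constructed for illustration.

```python
import socket
import struct
from collections import Counter

def outbound_talkers(pcap, local_ip):
    """Sum on-wire bytes sent by local_ip per (proto, local port, remote ip, remote port)."""
    end = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if end is None or len(pcap) < 24 or struct.unpack(end + "I", pcap[20:24])[0] != 1:
        raise ValueError("need a classic pcap file with Ethernet link type")
    totals, off = Counter(), 24          # 24-byte global header, then packet records
    while off + 16 <= len(pcap):
        incl, orig = struct.unpack(end + "II", pcap[off + 8:off + 16])
        frame = pcap[off + 16:off + 16 + incl]
        off += 16 + incl
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue                     # truncated frame or not IPv4
        ip = frame[14:]
        ihl = (ip[0] & 0x0F) * 4         # IPv4 header length in bytes
        if socket.inet_ntoa(ip[12:16]) != local_ip:
            continue                     # inbound packet, not what we are hunting
        proto = {6: "tcp", 17: "udp"}.get(ip[9], str(ip[9]))
        sport = dport = 0
        if ip[9] in (6, 17) and len(ip) >= ihl + 4:
            sport, dport = struct.unpack("!HH", ip[ihl:ihl + 4])
        # orig is the on-wire length, so totals stay right even when -s cut the frame
        totals[(proto, sport, socket.inet_ntoa(ip[16:20]), dport)] += orig
    return totals.most_common()

def _frame(src, dst, proto, sport, dport, payload_len):
    """Constructed test frame: Ethernet + IPv4 header + port fields + zero padding."""
    body = struct.pack("!HH", sport, dport) + b"\x00" * payload_len
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(body), 0, 0, 64, proto, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return b"\x00" * 12 + b"\x08\x00" + ip + body

def sample_pcap():
    """Constructed capture: one inbound request, a burst of outbound UDP, one reply."""
    frames = [_frame("198.51.100.7", "192.0.2.10", 6, 40000, 80, 40)]
    frames += [_frame("192.0.2.10", "203.0.113.5", 17, 45000, 9999, 1000)] * 5
    frames += [_frame("192.0.2.10", "198.51.100.7", 6, 80, 40000, 200)]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 1500, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

if __name__ == "__main__":
    for flow, nbytes in outbound_talkers(sample_pcap(), "192.0.2.10"):
        print(nbytes, *flow)
```

On a real capture, pass the file's bytes and the server's own address; the local port at the top of the list can then be matched to a process with `netstat -anp` or `lsof -i`.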