Re: IPTABLES, LOGS TO FILES

From: Fool (fool_at_tom.com)
Date: 07/17/04


Date: 17 Jul 2004 09:24:55 +0800


"Nuno Paquete" <nmp@ispgaya.pt> wrote in message
news:40f6e707$0$1766$a729d347@news.telepac.pt...
> JoeAley2003 wrote:
>
> > Hi all...
> >
> >
> > I need to have a report of all connections that have been made from
> > my internet forwarded host 192.168.0.10.
> >
> > Basically, I need...
> >
> > -Host Name
> > -Host IP
> > -Port Number
> >
> > of the machine my local (192.168.0.10) is accessing, and if we can go
> > to the state of the art, I need to store the response of each connection.
> > I mean, if my local net requests www.google.com, my server will save
> > the html response into a file too.
> >
> >
> > Thank you all!!!
>
> Hi.
> I use iptables to log well known "attacks".
> For example, to log every ping-of-death attack I've got these lines in my
> iptables' configuration script:
>
> # Port-Scanner Attack
> iptables -N Port_Scann
> iptables -A INPUT -p tcp --tcp-flags SYN,ACK,FIN,RST RST -j Port_Scann
> iptables -A Port_Scann -m limit --limit 10/s -j LOG --log-level info --log-prefix "Port-Scann: "
> iptables -A Port_Scann -j DROP
>
> I create a new chain because I don't just want to log, I also want to drop
> those packets.
> If you just want to log traffic coming from 192.168.0.10 you just need these
> lines:
>
> iptables -A FORWARD -s 192.168.0.10 -j LOG --log-level info --log-prefix "Anything you want: "
> iptables -A FORWARD -d 192.168.0.10 -j LOG --log-level info --log-prefix "Anything you want: "
>
> With these lines you log all traffic that is forwarded from/for your target
> host.
> These logs don't say much to you, you can just see when your user
> sends/receives packets.
> If you want to better analyse the traffic, like you described before (see
> what sites your user is visiting), you should use a sniffer like Ethereal
> to filter all the traffic coming for/from the host you want.
>
> I hope this can help you.
>
> Regards,
>
> Nuno Paquete

Your scripts are very useful for me. Thank you very much.

-- 
        ~ Samba, more than a low cost File and Printer server ~
            
             -- Let us OpenSource --
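
Added example, not part of the original thread: a Python parser that turns the kernel LOG lines written by the FORWARD rules quoted above into the per-destination report the original poster asked for (host name, IP, port). The log lines are constructed samples using documentation addresses, and `outbound_connections`, `report` and `reverse_dns` are names chosen here.

```python
import re
import socket
from collections import Counter

# Constructed sample in the kernel LOG-target format (documentation address ranges).
SAMPLE_LOG = """\
Jul 17 09:20:01 gw kernel: Anything you want: IN=eth1 OUT=eth0 SRC=192.168.0.10 DST=203.0.113.7 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=4711 DF PROTO=TCP SPT=34567 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Jul 17 09:20:01 gw kernel: Anything you want: IN=eth0 OUT=eth1 SRC=203.0.113.7 DST=192.168.0.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=80 DPT=34567 WINDOW=5792 RES=0x00 ACK SYN URGP=0
Jul 17 09:20:01 gw kernel: Anything you want: IN=eth1 OUT=eth0 SRC=192.168.0.10 DST=203.0.113.7 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=4712 DF PROTO=TCP SPT=34567 DPT=80 WINDOW=5840 RES=0x00 ACK URGP=0
Jul 17 09:21:10 gw kernel: Anything you want: IN=eth1 OUT=eth0 SRC=192.168.0.10 DST=198.51.100.53 LEN=71 TOS=0x00 PREC=0x00 TTL=63 ID=4720 DF PROTO=UDP SPT=40000 DPT=53 LEN=51
Jul 17 09:22:30 gw kernel: Anything you want: IN=eth1 OUT=eth0 SRC=192.168.0.10 DST=203.0.113.7 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=4730 DF PROTO=TCP SPT=34570 DPT=443 WINDOW=5840 RES=0x00 SYN URGP=0
Jul 17 09:23:00 gw kernel: Port-Scann: IN=eth0 OUT= SRC=198.51.100.9 DST=192.0.2.1 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=1 PROTO=TCP SPT=4444 DPT=22 WINDOW=0 RES=0x00 RST URGP=0
"""

FIELD = re.compile(r"\b([A-Z]+)=(\S*)")   # KEY=value tokens; value may be empty (OUT=)
TCP_FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG"}

def outbound_connections(log_text, host="192.168.0.10", prefix="Anything you want: "):
    """Count connection attempts opened by `host`, keyed by (dst_ip, proto, dport)."""
    seen = Counter()
    for line in log_text.splitlines():
        _, found, body = line.partition(prefix)
        if not found:
            continue                      # line was logged by a different rule
        fields = dict(FIELD.findall(body))
        if fields.get("SRC") != host or "DPT" not in fields:
            continue                      # reply traffic, or a protocol without ports
        flags = TCP_FLAGS & set(body.split())
        # The rules log every packet, so for TCP keep only the opening SYN (no ACK).
        if fields.get("PROTO") == "TCP" and ("SYN" not in flags or "ACK" in flags):
            continue
        seen[(fields["DST"], fields["PROTO"], int(fields["DPT"]))] += 1
    return seen

def reverse_dns(ip):
    """PTR lookup, falling back to the IP. The name is set by whoever controls the
    address block, so treat it as a hint. Needs network access, hence opt-in."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return ip

def report(conns, resolve=lambda ip: ip):
    """One 'name ip proto/port xCOUNT' line per destination, sorted by key."""
    return [f"{resolve(ip)} {ip} {proto}/{port} x{n}"
            for (ip, proto, port), n in sorted(conns.items())]

if __name__ == "__main__":
    print("\n".join(report(outbound_connections(SAMPLE_LOG))))
```

Pass `resolve=reverse_dns` to `report` to fill in host names on a machine with DNS access.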

