Re: How to read firewall logs?
From: Erik (et57)
Date: 07/31/04
Date: Sat, 31 Jul 2004 14:38:39 +0200
On Fri, 04 Jun 2004 13:04:07 -0500, the right honourable Mike Oliver
<mike_lists@verizon.net> wrote:
>OK, so I finally got around to having iptables LOG and then DROP
>uninvited input packets, rather than just DROPping them. I didn't
>expect the volume to be quite that high! Seems people are attacking --
>or at least sending SYN packets -- every few seconds.
>
>How do I figure out just what is being attempted? I can trace
>the SRC field with the "host" command, but what are TTL, ID,
>SPT, DPT, WINDOW, URGP? Googling on these terms brings up
>a lot of logs; didn't see any direct explanation. Can I tell
>if these are attempts to establish, say, telnet, ftp, rsh, or
>ssh connections?
OOOOOOOOW... you need to read/study Andreasson's manual:
http://iptables-tutorial.frozentux.net/iptables-tutorial.html
Really, if you want to read logs, you need to feel at home in this
material. There are no shortcuts.
After that, look at http://www.snort.org/
frgr
Erik
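
The question above asks what the logged fields mean and whether the targeted service can be read from them. The following is an added example, not part of the original post: a small parser for iptables LOG lines that labels each packet by destination port. The sample log lines, addresses and function names are constructed for illustration.

```python
from collections import Counter

# Fields asked about: TTL = IP time-to-live, ID = IP identification,
# SPT/DPT = source/destination port, WINDOW = TCP window size,
# URGP = TCP urgent pointer. Bare words (DF, SYN, ACK, ...) are flags.
# Ports for the services named in the question (well-known TCP ports).
SERVICES = {21: "ftp", 22: "ssh", 23: "telnet", 514: "rsh"}

# Constructed sample lines in the kernel's iptables LOG layout (documentation IPs).
SAMPLE_LOG = """\
Jul 31 14:01:02 gw kernel: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4711 DF PROTO=TCP SPT=40112 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Jul 31 14:01:05 gw kernel: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4712 DF PROTO=TCP SPT=40113 DPT=23 WINDOW=5840 RES=0x00 SYN URGP=0
Jul 31 14:02:40 gw kernel: IN=eth0 OUT= SRC=203.0.113.77 DST=198.51.100.5 LEN=48 TOS=0x00 PREC=0x00 TTL=113 ID=901 DF PROTO=TCP SPT=3312 DPT=445 WINDOW=16384 RES=0x00 SYN URGP=0
Jul 31 14:03:11 gw kernel: IN=eth0 OUT= SRC=203.0.113.77 DST=198.51.100.5 LEN=78 TOS=0x00 PREC=0x00 TTL=113 ID=902 PROTO=UDP SPT=1026 DPT=137 LEN=58
"""

def parse_line(line):
    """Split one LOG line into KEY=value fields plus a set of bare flags."""
    start = line.find("IN=")      # skips the syslog header and any --log-prefix text
    if start < 0:
        return None               # not an iptables LOG line
    fields, flags = {}, set()
    for tok in line[start:].split():
        key, sep, val = tok.partition("=")
        if sep:
            fields.setdefault(key, val)   # UDP lines carry LEN twice; keep the IP one
        else:
            flags.add(tok)
    fields["FLAGS"] = flags
    return fields

def describe(pkt):
    """Name what a logged packet was trying to reach."""
    proto = pkt.get("PROTO", "?")
    if "DPT" not in pkt:          # e.g. ICMP has no ports
        return "%s packet" % proto
    dpt = int(pkt["DPT"])
    if proto != "TCP":
        return "%s packet to port %d" % (proto, dpt)
    # A SYN without ACK is the first packet of a new TCP connection.
    new = "SYN" in pkt["FLAGS"] and "ACK" not in pkt["FLAGS"]
    kind = "connection attempt" if new else "non-SYN packet"
    return "TCP %s to %s" % (kind, SERVICES.get(dpt, "port %d" % dpt))

def summarize(log):
    """Count (source, description) pairs so repeated probes collapse into one row."""
    pkts = filter(None, map(parse_line, log.splitlines()))
    return Counter((p["SRC"], describe(p)) for p in pkts)

if __name__ == "__main__":
    for (src, what), n in summarize(SAMPLE_LOG).most_common():
        print("%-15s %3d  %s" % (src, n, what))
```
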