Security Basics mailing list archives

Re: iptables log analysis tools

From: Yvan Laverdiere <laverdiy () videotron ca>
Date: Mon, 24 Feb 2003 14:22:33 -0500

Hi,

Have a look at this page :

http://gege.org/iptables/doc/faq.html


Hope this helps...

Yvan


----- Original Message -----
From: "Skip Morrow" <skip () pelorus org>
To: "Security-Basics" <security-basics () securityfocus com>
Sent: Sunday, February 23, 2003 12:26 PM
Subject: iptables log analysis tools


ACID is great for analyzing snort logs.  Are there any good software
packages with that kind of power and flexibility for iptables logs?
I think one place to start would be to find a way to have iptables
log to a mysql database (like snort does).
--
Skip Morrow, skip () pelorus org on 02/23/2003

From alias () securityfocus com Mon Feb 24 14:10:16 2003

X-Apparently-To: yladude () yahoo com via 216.136.130.96; 24 Feb 2003
11:08:55 -0800 (PST)
Return-Path: <bugtraq-return-8426-yladude=hoo.com () securityfocus com>
Received: from 205.206.231.26  (EHLO outgoing.securityfocus.com)
(205.206.231.26)
Received: from lists.securityfocus.com (lists.securityfocus.com
[205.206.231.19])
Mailing-List: contact bugtraq-help () securityfocus com; run by ezmlm
Precedence: bulk
List-Id: <bugtraq.list-id.securityfocus.com>
List-Post: <mailto:bugtraq () securityfocus com>
List-Help: <mailto:bugtraq-help () securityfocus com>
List-Unsubscribe: <mailto:bugtraq-unsubscribe () securityfocus com>
List-Subscribe: <mailto:bugtraq-subscribe () securityfocus com>
Delivered-To: mailing list bugtraq () securityfocus com
Delivered-To: moderator for bugtraq () securityfocus com
Received: (qmail 20005 invoked from network); 23 Feb 2003 17:39:53 -0000
Date: 23 Feb 2003 17:42:43 -0000
Message-ID: <20030223174243.21642.qmail () mail securityfocus com>
From: alias () securityfocus com
Subject: Re[2]: PHPNuke SQL Injection / General SQL Injection
To:
Content-Length: 727

MightyE,

In response to your mail of Saturday 22 February 2003 at 21:20:29:

M> Actually, user supplied input from $_COOKIES, $_POST, and $_GET
M> comes slash-escaped, so if the user enters
M> ' or 1=
M> as their input, the sql statement will look like
M> where some_int=' or 1=
M>       [..snip..]
M> function escape($input){
M>     if (get_magic_quotes_gpc()) return $input;
M>     return addslashes($input);
M> }
M>       [..snip..]


Better still, always do this:

        ...WHERE id =. intval($userinput) ." AND...

which doesn't rely on local configuration, magicquotes etc., and
resolves to (e.g.) "id =" when the $userinput is bad or missing.

Safe, simple, portable and effective.


--
Best regards,
James.

Current thread:

Permissions scanner Di Fresco Marco (Feb 22)
- iptables log analysis tools Skip Morrow (Feb 24)
  - Re: iptables log analysis tools Yvan Laverdiere (Feb 24)
  - Re: iptables log analysis tools Chris Travers (Feb 24)
- <Possible follow-ups>
- Re: Permissions scanner Chris Berry (Feb 24)
  - RE: Permissions scanner Di Fresco Marco (Feb 25)
    - Re: Permissions scanner Harvey Cary (Feb 26)