Security Incidents mailing list archives
Re: traffic logging
From: damian () ITACTICS COM (Damian Gerow)
Date: Wed, 3 May 2000 09:28:15 -0400
Humm... I don't much care for PortSentry's retaliation sequence. The suggested action (blocking the route, adding offending host to hosts.deny, setting up a firewall rule to deny all traffic coming from the offending host) really turns me off - it creates a nice, simple DoS on its own.

For logging traffic in detail, there's a nice patch to detect port scans. If you go to http://www.innu.org/~sean/, you can get it there. That, combined with ippl and generic Linux logging do it great.

I've been seeing a lot of odd traffic on several of my machines and I was wondering what you folks suggest for logging traffic on a single machine. Several of the machines are Linux boxes, and I'd like the ability to log in depth. Things I'd like to capture would include things like stealth scans and odd packets. Any suggestions?

Not so much for traffic, but I use logcheck for any anomalies in the log files, and PortSentry to detect and react to port scans. They can both be found here: http://www.psionic.com/

/*---------------------------------------------------------
Scott McClelland, CNA
Network Administrator
Vortex Data Systems
(619) 497-6400 x229
-----------------------------------------------------------*/
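
The concern raised in the message above, that blocking every host a scan detector flags becomes a DoS in its own right, as an added example (not part of the original message and not PortSentry's, ippl's or logcheck's code): a scan detector that only recommends a block when the source is outside a never-block list, and gives every block an expiry. The log format, the threshold values and all names are assumptions made for the example, and the log lines are constructed.

```python
import ipaddress
from collections import defaultdict

# Constructed sample lines in an assumed "epoch src dst_port" format;
# this is not the output format of ippl, PortSentry or any real tool.
SAMPLE_LOG = """\
957360001 203.0.113.7 21
957360001 203.0.113.7 22
957360002 203.0.113.7 23
957360002 203.0.113.7 25
957360003 203.0.113.7 80
957360004 192.0.2.53 53
957360010 192.0.2.1 21
957360010 192.0.2.1 22
957360011 192.0.2.1 23
957360011 192.0.2.1 25
957360012 192.0.2.1 110
957360020 not-a-valid-line
"""

# Assumed: infrastructure (gateway, DNS, mail relay) that must never be auto-blocked.
NEVER_BLOCK = [ipaddress.ip_network("192.0.2.0/28")]
PORT_THRESHOLD = 5   # distinct ports within WINDOW seconds counts as a scan
WINDOW = 10
BLOCK_TTL = 600      # blocks expire, so a wrongly blamed host is not cut off for good


def decide(log_text):
    """Return {src: ("block", expires_at) or ("alert-only", None)} for scanning sources."""
    hits = defaultdict(list)  # src -> [(timestamp, port), ...]
    for line in log_text.splitlines():
        parts = line.split()
        try:
            ts, src, port = int(parts[0]), ipaddress.ip_address(parts[1]), int(parts[2])
        except (IndexError, ValueError):
            continue  # skip malformed lines instead of crashing the detector
        hits[src].append((ts, port))
    decisions = {}
    for src, events in hits.items():
        events.sort()
        for i, (start, _) in enumerate(events):
            ports = {p for t, p in events[i:] if t - start <= WINDOW}
            if len(ports) >= PORT_THRESHOLD:
                protected = any(src in net for net in NEVER_BLOCK)
                expires = events[-1][0] + BLOCK_TTL
                decisions[str(src)] = ("alert-only", None) if protected else ("block", expires)
                break
    return decisions
```

Both constructed sources cross the scan threshold, but only the one outside `NEVER_BLOCK` gets a block recommendation, and that block carries an expiry time.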