David,
Can these scripts be made to work on Charles' Eigerstein images or is it just for
use with the Oxygen distro?
This sounds like something that I'd like to set up on my firewall ES2B, especially
with all of the activity that I have seen in the logs lately.
Thanks!
Danny Carter
On Wed, 19 September 2001, David Douthitt wrote:
>
> I've packaged a couple of scripts that tie into PortSentry which page me
> (and send email) every time one tries to connect to a port protected by
> PortSentry.
>
> One sends out a page based on the command line by using an email gateway
> (you'll have to figure out your own).
>
> The other does the work; it sends out the page, as well as formulating a
> big email with all the details possible about the source IP.
>
> This current script will, if the binaries are available, do the
> following (all against the source IP address):
>
> * whois (administrative contacts and IP block owner)
> * dig (name lookup and name servers)
> * traceroute (how long? what routers between here and there?)
> * tcptraceroute (same as traceroute, but uses TCP not ICMP - pierces
> some firewalls)
> * ping (how long does it take to get there?)
> * nmap (what ports do they have open? What are they running?)
>
> The last four also help to identify that this is a REAL host active on
> the network.
>
> The nmap option is in the script but not run by default: some sites
> could classify a nmap probe as hostile behavior (and perhaps illegal
> behavior). The nmap line is commented out.
>
> The package is at
> http://leaf.sourceforge.net/pub/oxygen/packages/alert.lrp
>
> Enjoy!
>
> _______________________________________________
> Leaf-user mailing list
> [EMAIL PROTECTED]
> https://lists.sourceforge.net/lists/listinfo/leaf-user
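An added illustration of the lookup step the quoted message describes (this is not the contents of alert.lrp and not David's script): it validates the source address before it reaches any command line, then runs each tool only if the binary is installed. The function names, the ALERT_TOOLS variable and the tool options are assumptions; nmap is left out, matching the post's default.

```sh
#!/bin/sh
# Added example, not the script shipped in alert.lrp.
# Tools tried in order; nmap is deliberately left out, as in the post.
ALERT_TOOLS="${ALERT_TOOLS:-whois dig traceroute tcptraceroute ping}"

# Accept only a dotted-quad IPv4 address with each octet in 0-255, so a
# string handed over by the caller can never carry shell metacharacters.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                     # split on dots; input is digits and dots only
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Arguments for one tool, bounded so an unreachable host cannot stall the alert.
tool_args() {
    case "$1" in
        dig)        echo "-x $2 +time=3 +tries=1" ;;
        ping)       echo "-c 3 $2" ;;
        traceroute) echo "-n -w 2 -m 20 $2" ;;
        *)          echo "$2" ;;
    esac
}

# Print the report for one source IP; returns 2 on a malformed address.
build_report() {
    ip=$1
    if ! valid_ipv4 "$ip"; then
        echo "refusing malformed source address" >&2
        return 2
    fi
    echo "PortSentry alert: connection attempt from $ip"
    for tool in $ALERT_TOOLS; do
        echo "---- $tool ----"
        if command -v "$tool" >/dev/null 2>&1; then
            # Unquoted on purpose: the validated address cannot glob or split.
            "$tool" $(tool_args "$tool" "$ip") 2>&1 || echo "($tool exited non-zero)"
        else
            echo "($tool not installed, skipped)"
        fi
    done
}

# Run only when an address is given, e.g. sh alert-report.sh 192.0.2.10
if [ $# -gt 0 ]; then build_report "$1"; fi
```

The output of build_report can be piped to whatever mail command the firewall image provides.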