This message contains replies and/or questions from two different posts on the mailing list. I am only addressing specific issues and not the entire contents of both posts from Charles and Simon.
> - Configure LaBrea to *NOT* capture IP addresses (you've only got a single
> IP anyway, and while those on cable-modems might be able to grab additional
> IP's, you should play nice with your neighbors and the cable company, and
> grabbing extra IP's (even for tarpitting) would probably violate your terms
> of use).
>
> Use the -x switch for LaBrea to disable IP address capturing

I have looked into this switch, and studied what Simon suggested, and believe I would go with this:

OPTIONS="-i eth0 -l -v -p 80000 -z -x -F /etc/LaBrea.bpf"

-i  make LaBrea tie itself to eth0 (just in case it thinks eth1 is default)
-l  logs to syslog
-v  verbosely log activity to syslog (what's the difference to the previous two? I would think logging verbosely would log everything including what the -l flag would log)
-p  limit bytes per second to 80000
-z  USEZFLAG defined (the default) (took me a bit to find this one)
-x  does not capture IP address - this is good!
-F  specify BPF file to read from

So as I understand this, starting LaBrea from the terminal I would type

LaBrea -i eth0 -l -v -p 80000 -z -x -F /etc/LaBrea.bpf

Seems to me there is another way of starting this or another package from an init script or something (going by the line above which reads OPTIONS="-i ...", that looks like it comes out of a conf file), but I have not figured that much out yet with Linux! Maybe by editing /etc/init.d/LaBrea??

> - Stop the interface from running in promiscuous mode. Edit
> /etc/init.d/LaBrea, and add a minus "-" in front of the promisc flag for the
> ifconfig command. It should now read: "ifconfig eth0 -promisc"

Question about this Charles: on your web site you give instructions on how to keep it running in promiscuous mode, but here you state to stop it from running in promiscuous mode. What does running in promiscuous mode mean?
From what I can tell (using Charles' example), my /etc/LaBrea.bpf would read

dst host 24.118.176.41
and tcp[2:2] & 0xfc00 == 0
and not dst port (22)

I only use ssh (internally, not from outside the house, so do I still need to specify line three here?) and no other forwarding services, unless weblet.lrp would be considered a service; again, I only use weblet internally. I do not access weblet or ssh from "outside" my home network.

>1. Write the first portion of your filter (up to the IP address) into a
>file (i.e. /etc/LaBrea.tmp) - contents for mine would be:
>
>tcp dst port 80 or 21 and dst host

Let me state what I see the differences are between Charles' and Simon's ideas here: both agree on what the dst host should be, which is the IP of eth0. Charles is including tcp ports <1024, which means he is including line 3 in his example. Simon only wants to check ports 80 and 21, thus he would not need line 3 of Charles' example. Am I right or am I missing something here?

>2. Create a script (i.e. /etc/ipupdate) that writes the filter and checks
>the IP of the external interface (eth0 on my box, change if needed). The
>script's contents should look like this:
>
>#!/bin/sh
>#Creates /etc/LaBrea.bpf
>cat /etc/LaBrea.tmp > /etc/LaBrea.bpf
>ip addr show eth0 | grep "inet " | sed s/" "// | cut -d' ' -f 2 | cut -d'/' -f1 >> /etc/LaBrea.bpf
>#Done
>
>(that should only be 2 lines - not 3 - the second line wrapped)

Simon, if I were to create /etc/LaBrea.bpf using Charles' example of three lines instead of what you appear to be using as one line, would your script work? That is, by first creating /etc/LaBrea.tmp which would read

dst host
and tcp[2:2] & 0xfc00 == 0
and not dst port (22)

The reason I ask this is because when writing Lisp code, if the code needs to read from or write to another file, I know you have to specify in the code which line of text/code you want to work with.

>4. Edit the dhclient-exit-hooks with the following changes:
>
># Reload networking to see new address
>    reload_all
>
>Add a few lines so you have
>
># Reload networking to see new address
>    reload_all
>    /etc/ipupdate
>    svi LaBrea stop
>    svi LaBrea start

My question about this, Simon, is when dhclient-exit-hooks runs and comes up to svi LaBrea start, it seems that the options are not included and LaBrea will run without any options; specifically, the -x option at a bare minimum is needed. Maybe this has something to do with my question above concerning how to start LaBrea from an init script.

One last concern I am thinking about is that maybe I should contact my ISP and let them know that I am considering using LaBrea. Is this a good or bad idea?

I am catching on though! I basically "attack" or learn things about using Linux when I need to actually use something, i.e. init scripts and such.

Again, thank you for your help.

Steve

_______________________________________________
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
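An added example (not code from the thread, nor from Charles, Simon or the LaBrea project) of the filter-regeneration step discussed above, written so that the three-line filter form works: instead of appending the address to the end of the file, the template carries a placeholder (assumed name __EXTIP__) where the address belongs, and the script refuses to write a filter if no IPv4 address was found on the interface. The template file name /etc/LaBrea.tmp and the interface name are assumptions taken from the thread.

```shell
#!/bin/sh
# Added example: build /etc/LaBrea.bpf from a template each time the DHCP
# address of the external interface changes (e.g. from dhclient-exit-hooks).
# The placeholder __EXTIP__ is an assumption of this example, not LaBrea syntax.

# Print the first IPv4 address found in `ip addr show <iface>` output ($1).
# The "/prefixlen" suffix is stripped because BPF "dst host" wants a bare address.
extract_ipv4() {
    printf '%s\n' "$1" | awk '$1 == "inet" { sub(/\/.*/, "", $2); print $2; exit }'
}

# Render the filter: $1 is the `ip addr show` output, $2 is the template text.
# Fails (exit 1, nothing printed) when no address is present, so LaBrea is never
# started with an empty "dst host" that would match every destination.
build_filter() {
    ip=$(extract_ipv4 "$1")
    [ -n "$ip" ] || { echo "build_filter: no IPv4 address found" >&2; return 1; }
    printf '%s\n' "$2" | sed "s/__EXTIP__/$ip/g"
}

# Constructed sample of `ip addr show eth0` output (documentation address, not a real host).
SAMPLE_IP_OUTPUT='2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast
    link/ether 00:11:22:33:44:55 brd ff:ff:ff:ff:ff:ff
    inet 192.0.2.10/24 brd 192.0.2.255 scope global eth0'

# Constructed template in the three-line form from the thread: only traffic to our
# own address, only destination ports below 1024 (tcp[2:2] is the TCP destination
# port; & 0xfc00 == 0 means it is < 1024), and never the admin's own ssh port.
TEMPLATE='dst host __EXTIP__
and tcp[2:2] & 0xfc00 == 0
and not dst port 22'

# Stand-alone demonstration on the constructed sample.
build_filter "$SAMPLE_IP_OUTPUT" "$TEMPLATE"

# In the exit hook on the real box (interface name as an argument, default eth0):
#   build_filter "$(ip addr show "${1:-eth0}")" "$(cat /etc/LaBrea.tmp)" > /etc/LaBrea.bpf
```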