I get hundreds of port scans per day and I'm sure most of them have spoofed
the src address.  Know your firewall and trust it, that's all you can do.

If you insist, just run tcpdump, which sees the packets prior to netfilter,
and filter the output through grep, looking for IPs or ports.





Michael Bacon <[EMAIL PROTECTED]> on 11/25/2002 12:17:49 PM

To:   [EMAIL PROTECTED]
cc:    (bcc: Phillip Watts/austin/Nlynx)

Subject:  [leaf-user] tcpdump of blocked packets?



I'm using port sentry on my LRP box.  The other day it blocked someone
attempting to access port 1080 (not used), then port 25 (redirect to our mail
server).  He came back the next day and tried port 25 again, but he was
still blocked by the firewall rules.

I thought I read somewhere there is a way to capture via tcpdump some of the
packet information and write it to a file or syslog when a packet is
dropped.  Is this possible?  Can someone point me in a direction for
research?

I'm feeling uneasy that I don't know what this person was/is attempting.

Thank you in advance.

Michael Bacon
[EMAIL PROTECTED]
Network Admin.
Valley Medical Center, PPLC









-------------------------------------------------------
This SF.net email is sponsored by: Get the new Palm Tungsten T
handheld. Power & Color in a compact size!
http://ads.sourceforge.net/cgi-bin/redirect.pl?palm0002en
------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
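
An added example, not part of the original thread: since tcpdump sees packets before netfilter drops them, its text output can be summarised per source to show which ports a blocked host tried. The interface name `eth0`, the documentation-range addresses, the function names, and the modern `tcpdump -n` line layout are assumptions; the capture lines are constructed.

```shell
#!/bin/sh
# Added example: list the destination ports one source sent SYNs to,
# with a count per port, from `tcpdump -n` text output on stdin.
# Live use (eth0 and the address are assumptions):
#   tcpdump -n -l -i eth0 'src host 203.0.113.7 and tcp[tcpflags] & tcp-syn != 0' | tee probe.log
#   probes_from 203.0.113.7 < probe.log

probes_from() {
    # $1 = source IPv4 address to report on
    awk -v src="$1" '
        # Expected layout: TIME IP SRC.SPORT > DST.DPORT: Flags [S], ...
        $2 == "IP" && $4 == ">" {
            s = $3; sub(/\.[0-9]+$/, "", s)       # strip the source port
            if (s != src) next
            # count only initial SYNs, not SYN-ACK replies ("[S.]")
            if ($6 != "Flags" || $7 != "[S],") next
            d = $5; sub(/:$/, "", d)              # drop the trailing colon
            n = split(d, part, ".")
            count[part[n]]++                      # last dotted field is the port
        }
        END { for (p in count) print p, count[p] }
    ' | sort -n
}

# Constructed sample capture (documentation addresses, not real traffic).
sample_capture() {
cat <<'EOF'
12:17:01.000001 IP 203.0.113.7.40112 > 192.0.2.10.1080: Flags [S], seq 1, win 5840, length 0
12:17:02.000001 IP 203.0.113.7.40113 > 192.0.2.10.25: Flags [S], seq 2, win 5840, length 0
12:17:03.000001 IP 198.51.100.9.5000 > 192.0.2.10.80: Flags [S], seq 3, win 5840, length 0
12:17:05.000001 IP 203.0.113.7.40113 > 192.0.2.10.25: Flags [S], seq 2, win 5840, length 0
12:17:06.000001 IP 192.0.2.10.25 > 203.0.113.7.40113: Flags [S.], seq 9, ack 3, win 5792, length 0
EOF
}

sample_capture | probes_from 203.0.113.7
```

A repeated SYN with the same source port and sequence number, as in the sample, is a retransmission, which is what a silently dropped connection attempt looks like on the wire.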





