Patrick,

To answer your first question about the warning lights: if you are using a cable modem, this is normal because of how the cable modem works. Your broadband provider routinely talks to your modem to determine if it's still there. These messages can appear as hits.

To be sure when the firewall light is red, click on it. Then sort the hits by IP address. Most of the time you will notice that the majority of hits come from several machines on the same domain 123.123.xxx.xxx. These are most likely your broadband provider's servers. To be sure, you can look up the owner. I use www.arin.net. Enter some of the addresses in the search prompt and it should return the owner. Usually this appears like: Broadband company 123.123.1.1-123.127.255.255 etc.

About your second question: Bering 1.0-rc3 had a bug in it where the logs were not being saved. There are two solutions:

1) Jacques posted a fix on leaf.sourceforge.net under the Bering 1.0-rc3 messages.
2) Upgrade to a higher version of Bering. rc4 and stable are good candidates.

About your third question: I really don't think anyone is erasing your log files. But if you really are paranoid about someone accessing your firewall, you can write-protect your floppies so that the intruder can't really change your configuration permanently. A little paranoia is a healthy thing.

To get to your log files, you will need the sftp.lrp module. Configure it, then save your changes to your floppies. On another machine, set up a cron job to routinely sftp into your firewall and get the logs.

Minh

------------------------------------------------------
Message: 11
Reply-To: <[EMAIL PROTECTED]>
From: <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Date: Wed, 27 Nov 2002 07:15:09 -0600
Subject: [leaf-user] Missing Logs ???

Hello :)

I finally got everything set up (fixed my problems with the 1680 disks, used my new computer's floppy drive to write & used new disks I just bought). Even got 1 of my eth cards working I was having problems with. I've got to say the firewall is great, had a friend run nmap against me & he couldn't find anything. I'm currently running Bering 1.0 rc3 & have been using the smaller version of weblet.
My problem is that for some reason after a couple days of being up, both the Firewall & RAM Disk traffic lights end up being red &/or yellow, sometimes I can see stuff in the logs & other times it doesn't seem to have anything in the logs. Then after another day or 2 all 3 lights are green! & there's absolutely nothing in any of the logs I've checked, there's not even anything in any of the backup logs... Even after I connect to DALnet (which does close to 40-50 hits to make sure you don't have any vulnerability spots) I still got nothing in the logs.

What gives? Any help would be appreciated as I've had fun recently going through a lot of security info & finding out why all the hits & what people are trying to find. Not to mention I'd like to find out if this really is someone cracking my firewall & erasing all the logs!

Which brings me to another point... where can I find some docs on setting up my leaf box so that it sends all its logs to another computer? One of the security measures I found somewhere suggested having all your machines write their logs to 1 dedicated log computer, making it harder for crackers to erase their crack.

Thanks!

Patrick
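
The triage Minh describes (sort the hits by source address, then look up the owner of the range that dominates) can be scripted once the logs have been copied off the firewall. The following is an added example, not part of the original thread: it assumes netfilter-style log lines carrying a `SRC=` field, the sample lines are constructed, and the owner lookup itself remains a manual ARIN query.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines in netfilter LOG style (assumed format, not from the thread).
SAMPLE_LOG = """\
Nov 27 07:01:12 fw kernel: DROP IN=eth0 OUT= SRC=123.123.4.5 DST=123.123.9.9 PROTO=UDP SPT=67 DPT=68
Nov 27 07:01:42 fw kernel: DROP IN=eth0 OUT= SRC=123.123.4.5 DST=123.123.9.9 PROTO=UDP SPT=67 DPT=68
Nov 27 07:02:10 fw kernel: DROP IN=eth0 OUT= SRC=123.123.17.1 DST=123.123.9.9 PROTO=ICMP TYPE=8
Nov 27 07:05:33 fw kernel: DROP IN=eth0 OUT= SRC=203.0.113.77 DST=123.123.9.9 PROTO=TCP SPT=4021 DPT=1080
Nov 27 07:06:02 fw kernel: DROP IN=eth0 OUT= SRC=123.123.200.3 DST=123.123.9.9 PROTO=UDP SPT=67 DPT=68
Nov 27 07:09:48 fw kernel: DROP IN=eth0 OUT= SRC=198.51.100.20 DST=123.123.9.9 PROTO=TCP SPT=3310 DPT=23
Nov 27 07:10:00 fw kernel: DROP IN=eth0 OUT= SRC=123.123
"""

SRC_RE = re.compile(r"\bSRC=(\S+)")

def sources(log_text):
    """Yield the source address of each hit, skipping lines with no valid IPv4 SRC."""
    for line in log_text.splitlines():
        m = SRC_RE.search(line)
        if not m:
            continue
        try:
            yield ipaddress.IPv4Address(m.group(1))
        except ipaddress.AddressValueError:
            continue  # truncated or garbled log line

def hits_by_network(log_text, prefix_len=16):
    """Count hits per source network (default /16, i.e. 123.123.xxx.xxx)."""
    counts = Counter()
    for addr in sources(log_text):
        net = ipaddress.ip_network(f"{addr}/{prefix_len}", strict=False)
        counts[str(net)] += 1
    return counts

def dominant_networks(counts, share=0.5):
    """Networks with at least `share` of all hits: look up their owner first."""
    total = sum(counts.values())
    return [(n, c) for n, c in counts.most_common() if c / total >= share]

def remaining_sources(log_text, attributed):
    """Distinct sources outside networks already attributed (e.g. to the provider)."""
    nets = [ipaddress.ip_network(n) for n in attributed]
    return sorted({str(a) for a in sources(log_text) if not any(a in n for n in nets)})

if __name__ == "__main__":
    counts = hits_by_network(SAMPLE_LOG)
    top = dominant_networks(counts)
    print("dominant:", top)
    print("still unexplained:", remaining_sources(SAMPLE_LOG, [n for n, _ in top]))
```

Once the dominant range is confirmed as the broadband provider's, the `remaining_sources` output is the short list that still deserves a look.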
