[EMAIL PROTECTED] wrote:
>
> Howdy.
> Well I have ipchains/Masq setup on my Linux box now but it will take a
> while until I master all the various ipchains rules.
>
> Until I do, is there a simple way of me being able to monitor all
> ports on my system for potential security breaches ?
>
> I'll find out eventually how to protect myself better but for now all
> I want to do is monitor suspicious activity not prevent it.
You can let SAINT scan your ports for you and tell you what's not right.
You can run tcplogd to alarm you of portscans and so on.
You can insert a logging rule at the end of the (policy: REJECT/DENY)
input/output/forwarding chains, to log all rejected packets
$ ipchains -A input -l
$ ipchains -A output -l
$ ipchains -A forward -l
then regularly grep your syslog with
$ grep -i "packet log" <your-syslog-file>
Marc
--
Marc Mutz <[EMAIL PROTECTED]> http://marc.mutz.com/Encryption-HOWTO/
University of Bielefeld, Dep. of Mathematics / Dep. of Physics
PGP-keyID's: 0xd46ce9ab (RSA), 0x7ae55b9e (DSS/DH)
