Re: help needed with firewall logging ..please

2004-02-09 Thread Jeff
suhail, 2004-Feb-09 15:15 -0800:
> Hello,

> I need to know how can a firewall be tested against a SYN Flooder. I
> have the SYN flooder program and also configured my firewall. My
> IPtables script against the SYN packets is the usual :
>
> > $IPTABLES -N syn-flood
> > $IPTABLES -A syn-flood -m limit --limit 50/s --limit-burst 104 -j RETURN

One way is to add a line here like the following:

$IPTABLES -A syn-flood -j LOG --log-prefix "SYN-flood: "

This will log each packet before the next rule, which drops it. The
logging will go to syslog with the above prefix prepended.

> > $IPTABLES -A syn-flood -j DROP
> > $IPTABLES -A OUTPUT -p tcp --syn -j syn-flood
>
> Now how do i actually find out if the packets are being dropped.
> i.e where shud I chk my system log files to see the dropped packets
> ... I mean which file is it n under which dir ..

The logging done as shown above goes to syslog.  I use syslog-ng and
filter the firewall log messages into a separate file.

> And.. where shud I add the LOG prefix in the chains ?
> Please help me out as i desperately need to know this. Help truly 
> appreciated. 

The prefix is shown above.

jc

-- 
Jeff Coppock  Systems Engineer
Diggin' Debian  Admin and User
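
Added example (not part of Jeff's post): a small shell helper that summarises the kernel log lines written by the "SYN-flood: " LOG rule, so you can see which flows hit the DROP rule during a test. The log lines, host name `fw` and addresses are constructed, and the file your syslog writes kernel messages to depends on its configuration.

```shell
#!/bin/sh
# Rule order in the syn-flood chain (first three rules are from the thread;
# the -m limit on the LOG rule is an addition here so that a flood does not
# also flood syslog):
#   $IPTABLES -N syn-flood
#   $IPTABLES -A syn-flood -m limit --limit 50/s --limit-burst 104 -j RETURN
#   $IPTABLES -A syn-flood -m limit --limit 5/s -j LOG --log-prefix "SYN-flood: "
#   $IPTABLES -A syn-flood -j DROP
# With a rate-limited LOG rule the log undercounts; the exact number of
# dropped packets is the DROP rule's counter in: iptables -L syn-flood -v -n

# Print "<count> <SRC> <DST>:<DPT>" for every logged flow, busiest first.
# $1 = log file that receives kernel messages (depends on syslog config).
synflood_summary() {
    awk '
        / SYN-flood: / {
            src = dst = dpt = "?"
            for (i = 1; i <= NF; i++) {
                if      ($i ~ /^SRC=/) src = substr($i, 5)
                else if ($i ~ /^DST=/) dst = substr($i, 5)
                else if ($i ~ /^DPT=/) dpt = substr($i, 5)
            }
            n[src " " dst ":" dpt]++
        }
        END { for (k in n) print n[k], k }
    ' "$1" | sort -k1,1nr -k2
}

# Write constructed sample log lines (not captured from a real system) to $1.
write_sample_log() {
    cat > "$1" <<'EOF'
Feb  9 15:20:01 fw kernel: SYN-flood: IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TTL=64 PROTO=TCP SPT=40001 DPT=80 SYN URGP=0
Feb  9 15:20:01 fw kernel: SYN-flood: IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TTL=64 PROTO=TCP SPT=40002 DPT=80 SYN URGP=0
Feb  9 15:20:02 fw sshd[812]: Accepted publickey for admin from 192.0.2.77 port 51000 ssh2
Feb  9 15:20:02 fw kernel: SYN-flood: IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TTL=64 PROTO=TCP SPT=40003 DPT=80 SYN URGP=0
Feb  9 15:20:03 fw kernel: SYN-flood: IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TTL=64 PROTO=TCP SPT=40004 DPT=22 SYN URGP=0
EOF
}

# Demo run on the constructed sample.
demo_log=$(mktemp)
write_sample_log "$demo_log"
synflood_summary "$demo_log"
rm -f "$demo_log"
```

IN= is empty in these lines because the thread's rule hooks the OUTPUT chain, so only locally generated SYNs are counted.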





Date: Mon,  9 Feb 2004 23:26:44 -0500
From: "Doug R" <[EMAIL PROTECTED]>
Subject: [isp-wireless] Re: Is Nextel going to control our market?

How about -
Everyone thinks that cellular prices will drop now that you can keep your number.


-- Original Message --
From: "Tom DeReggi" <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Date:  Mon, 9 Feb 2004 10:31:44 -0500

>To me it sounds like the Flarion is a neat product, and Nextel is on its way
>to Wireless Data.
>
>However, don't forget the past.
>Everyone thought Cometa was going to take over the world.
>Everyone thought Verizon was going to take over the world.
>Everyone thought 3G, 4G was going to take over roaming.
>Numerous vendors have claimed they would have HotSpots in 2000, 5000, 10,000
>locations by year's end, year after year.
> 
   





help needed with firewall logging ..please

2004-02-09 Thread suhail


Hello,

I need to know how can a firewall be tested against a SYN Flooder. I have the SYN flooder program and also configured my firewall. My IPtables script against the SYN packets is the usual :

> $IPTABLES -N syn-flood
> $IPTABLES -A syn-flood -m limit --limit 50/s --limit-burst 104 -j RETURN
> $IPTABLES -A syn-flood -j DROP
> $IPTABLES -A OUTPUT -p tcp --syn -j syn-flood

Now how do i actually find out if the packets are being dropped. i.e where shud I chk my system log files to see the dropped packets ... I mean which file is it n under which dir ..

And.. where shud I add the LOG prefix in the chains ?

Please help me out as i desperately need to know this. Help truly appreciated.

Thanks.
Suhail.


Re: security.debian.org

2004-02-09 Thread Neil McGovern
On Mon, Feb 09, 2004 at 06:17:01PM +0100, Konstantin Filtschew wrote:
> security.debian.org seems to be down

[EMAIL PROTECTED]:~$ ping security.debian.org
PING security.debian.org (130.89.175.33): 56 data bytes
64 bytes from 130.89.175.33: icmp_seq=0 ttl=51 time=68.8 ms
64 bytes from 130.89.175.33: icmp_seq=1 ttl=51 time=15.5 ms
64 bytes from 130.89.175.33: icmp_seq=2 ttl=51 time=15.0 ms
64 bytes from 130.89.175.33: icmp_seq=3 ttl=51 time=15.9 ms
64 bytes from 130.89.175.33: icmp_seq=4 ttl=51 time=15.5 ms

--- security.debian.org ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max = 15.0/26.1/68.8 ms

Also see http://www.debian.org/News/2004/20040202

HTH,
Neil
-- 
A. Because it breaks the logical sequence of discussion
Q. Why is top posting bad?
gpg key - http://www.halon.org.uk/pubkey.txt ; the.earth.li 8DEC67C5






security.debian.org

2004-02-09 Thread Konstantin Filtschew
to the admins:

security.debian.org seems to be down

Greetz

Konstantin






Auction R.S. Brookes

2004-02-09 Thread Clarke Fussells





  

  


  

  
AUCTION

ON INSTRUCTIONS OF R F BROOKES (FOXHILL FOODS LTD)
10th March 2004 10.30am
The Wern Industrial Estate. Rogerstone. Newport. NP10 9FQ

FOLLOWING THE CLOSURE OF THEIR ROGERSTONE, NEWPORT PLANT APPROX. 1000
LOTS OF PRIMARY PROCESSING AND COMPLETE READY MEALS PLANT, PACKAGING
EQUIPMENT AND REFRIGERATION

THIS IS PROBABLY WITHOUT DOUBT THE MOST IMPORTANT AUCTION TO HAPPEN
IN THE UK THIS YEAR. THE PLANT PRIMARY COMPRISES OF

Complete all stainless steel mashed potato plant with blanchers, peelers,
emulsifiers and mixers * Complete forming battering crumbing
and frying lines Formax, Koppens and Stein * Refrigeration equipment
throughout the plant * Complete make up lines * Cooking and
cooling vessels some with scrape surface mixing * Spiral mixers
* Urschel Gs, SLAs and Comitrols * Tray sealing machines rotary
and inline * Numerous depositors by Turbo Baynflax etc some
with screw augers some low level * Click-lock and Jacob White
carton erectors * Complete pasta cooking lines and extruders
* Label applicators * Metal detectors and check weighers * Multi
head weighers Bilwenko etc * Nitrogen freezing tunnels * Box
tapers * Lazy Susans * Multivac machines * Silverson mixers
* Tray washers * Scales * fridge doors * Automatic Dip tanks
* Stainless steel trolleys * Slicers * Laska and other all stainless
steel bowl cutters * B6 and One All slicers * Complete contents
of canteen * Sanitising air lock systems * Grote slicers * Waste
compactors * Roll on roll off scales * Risco and other front
end discharge mixers * Fuji and Ilapak flowrappers * Rack washers
* Rondo pastry rollers * Mixer grinders * Automatic floor scrubbers
* D C Norris vacuum cooling cooking systems with darlecs * Fully
equipped laundry room * Grazelli and Maja derinders * Insectocuters
* Batter mixers * Swissvac Jumbo and Transvac and double chamber
vacuum packers * Icemakers * Stein batter crumbers and power
packs * AEW and Biro bandsaws of various sizes * Complete contents
of engineers workshop and stores * Complete contents of test
kitchen and product development * Koppens filters * Batter enrobers
* Sealpack tray sealers * Delford flowrappers and check weighers
* Scrape surface mixers with cooling systems * Boot washers
* Domino and Lincs inkjet printers * Trief and Holac dicers
* Pizza machines * X-ray machines * Vemag vacuum stuffers latest
model.

If you are a food processor we believe that this is an auction
you cannot afford to miss. Everything must go. For full catalogue
and colour flyer contact the auctioneers:-

CLARKE FUSSELLS
TEL: 0845 602 4506 FAX : 0845 280 2570
Email: [EMAIL PROTECTED]
Website: www.clarke-fussells.co.uk
  


  

 
  

  


  


  

 







  

 






Re: cflows and debian

2004-02-09 Thread Anibal Monsalve Salazar
On Mon, Feb 09, 2004 at 02:22:02PM +1100, Ralph Jenkin wrote:
>I don't know of any cflowd packages, but from what I can tell cflowd is dead 
>(or at least quite dormant) upstream (last release Oct 2000).
>
>When I was last monitoring flow data we changed over the software from cflowd 
>to flow-tools, which is packaged in sarge/sid these days. This was mostly 
>because cflowd had some bugs which presented themselves when used in 
>combination with flowscan (a nifty flow analysing tool which is packaged for 
>sid), and in lieu of any kind of fix in cflowd, flowscan's author recommended 
>using flow-tools.

I've debian packages for fprobe [0], flow-tools [1] and flowscan [2].
Please feel free to contribute patches to improve them. Bug reports are
also welcome.

>That said, I'm not sure if flow-tools can be made to do the flow aggregation 
>that cflowd performs, so this may not be of much use to you.
>
>Googling about it looks like Chris Cheney was talking about packaging arts++ 
>and cflowd, but given he's now up to his armpits in maintaining KDE packages 
>I guess that's probably not going to happen.
>
>I'll stop rambling now I think...
>
>On Monday February 9 2004 11:12, Dale Amon wrote:
>> Does anyone know where I can find a cflowd package?

Sure. See fprobe [0], flow-tools [1] and flowscan [2].

[0] http://packages.debian.org/unstable/net/fprobe
[1] http://packages.debian.org/unstable/net/flow-tools
[2] http://packages.debian.org/unstable/net/flowscan

>> --
>> --
>>Dale Amon [EMAIL PROTECTED]+44-7802-188325
>>International linux systems consultancy
>>  Hardware & software system design, security
>> and networking, systems programming and Admin
>>"Have Laptop, Will Travel"
>> --

Anibal Monsalve Salazar
--
 .''`.  Debian GNU/Linux  | Building 28C
: :' :  Free Operating System | Monash University VIC 3800
`. `'   http://debian.org/| Australia
  `-  |




