Re: help needed with firewall logging ..please
On Mon, Feb 09, 2004 at 08:21:15PM -0800, Jeff wrote:
> suhail, 2004-Feb-09 15:15 -0800:
> [snip]
> > Now how do I actually find out if the packets are being dropped, i.e. where should I check my system log files to see the dropped packets ... I mean which file is it and under which dir ..
>
> The logging done as shown above goes to syslog. I use syslog-ng and filter the firewall log messages into a separate file.

Look in /var/log/messages.

--
Michael Wood [EMAIL PROTECTED]
help needed with firewall logging ..please
Hello,

I need to know how can a firewall be tested against a SYN Flooder. I have the SYN flooder program and also configured my firewall. My IPtables script against the SYN packets is the usual:

$IPTABLES -N syn-flood
$IPTABLES -A syn-flood -m limit --limit 50/s --limit-burst 104 -j RETURN
$IPTABLES -A syn-flood -j DROP
$IPTABLES -A OUTPUT -p tcp --syn -j syn-flood

Now how do I actually find out if the packets are being dropped, i.e. where should I check my system log files to see the dropped packets ... I mean which file is it and under which dir ..

And.. where should I add the LOG prefix in the chains?

Please help me out as I desperately need to know this. Help truly appreciated.

Thanks.
Suhail.
Re: help needed with firewall logging ..please
suhail, 2004-Feb-09 15:15 -0800:
> Hello,
>
> I need to know how can a firewall be tested against a SYN Flooder. I have the SYN flooder program and also configured my firewall. My IPtables script against the SYN packets is the usual:
>
> $IPTABLES -N syn-flood
> $IPTABLES -A syn-flood -m limit --limit 50/s --limit-burst 104 -j RETURN

One way is to add a line here like the following:

$IPTABLES -A syn-flood -j LOG --log-prefix SYN-flood:

This will log each packet before the next rule, which drops it. The logging will go to syslog with the above prefix prepended.

> $IPTABLES -A syn-flood -j DROP
> $IPTABLES -A OUTPUT -p tcp --syn -j syn-flood
>
> Now how do I actually find out if the packets are being dropped, i.e. where should I check my system log files to see the dropped packets ... I mean which file is it and under which dir ..

The logging done as shown above goes to syslog. I use syslog-ng and filter the firewall log messages into a separate file.

> And.. where should I add the LOG prefix in the chains?
>
> Please help me out as I desperately need to know this. Help truly appreciated.

The prefix is shown above.

jc

--
Jeff Coppock
Systems Engineer
Diggin' Debian Admin and User
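
Once the LOG rule from the reply above is in the syn-flood chain, the dropped packets can be counted from the syslog file. The script below is an added example, not part of the original thread: the function names are hypothetical and the log lines are constructed samples in the kernel's LOG-target format.

```shell
#!/bin/sh
# Added example: summarise packets logged by the thread's LOG rule.
PREFIX='SYN-flood:'   # same string as --log-prefix in the rule

# Constructed sample lines (not real traffic); OUTPUT-chain packets have IN= empty.
sample_log() {
cat <<'EOF'
Feb  9 21:30:00 fw sshd[412]: Accepted publickey for admin from 192.0.2.5
Feb  9 21:30:01 fw kernel: SYN-flood:IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.7 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=40001 DPT=80 WINDOW=512 RES=0x00 SYN URGP=0
Feb  9 21:30:01 fw kernel: SYN-flood:IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.7 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=40002 DPT=80 WINDOW=512 RES=0x00 SYN URGP=0
Feb  9 21:30:02 fw kernel: SYN-flood:IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.9 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=40003 DPT=22 WINDOW=512 RES=0x00 SYN URGP=0
Feb  9 21:30:02 fw kernel: OTHER-rule:IN=eth0 OUT= SRC=203.0.113.4 DST=192.0.2.10 LEN=60 TTL=52 PROTO=TCP SPT=5555 DPT=25 SYN URGP=0
Feb  9 21:30:03 fw kernel: SYN-flood:IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.7 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=40004 DPT=80 WINDOW=512 RES=0x00 SYN URGP=0
EOF
}

# synflood_count FILE: number of log lines carrying the prefix,
# i.e. packets that passed the limit rule and reached LOG/DROP.
synflood_count() {
    awk -v p="$PREFIX" 'index($0, p) { n++ } END { print n + 0 }' "$1"
}

# synflood_summary FILE: "COUNT DST:DPT" per destination, busiest first.
synflood_summary() {
    awk -v p="$PREFIX" '
        index($0, p) {
            dst = dpt = "?"
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^DST=/) dst = substr($i, 5)
                if ($i ~ /^DPT=/) dpt = substr($i, 5)
            }
            count[dst ":" dpt]++
        }
        END { for (k in count) printf "%d %s\n", count[k], k }
    ' "$1" | sort -k1,1nr -k2,2
}

# Stand-alone run against the constructed sample.
tmp=$(mktemp)
sample_log > "$tmp"
echo "logged packets: $(synflood_count "$tmp")"
synflood_summary "$tmp"
rm -f "$tmp"
```

On a live system, pass the file named in the thread instead of the sample, for example `synflood_summary /var/log/messages`. Adding a `-m limit` match to the LOG rule itself keeps a flood from filling the log with one line per dropped packet.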