Re: help needed with firewall logging ..please

2004-02-10 Thread Michael Wood
On Mon, Feb 09, 2004 at 08:21:15PM -0800, Jeff wrote:
> suhail, 2004-Feb-09 15:15 -0800:
[snip]
> > Now how do i actually find out if the packets are being dropped.
> > i.e where shud I chk my system log files to see the dropped packets
> > ... I mean which file is it n under which dir ..
>
> The logging done as shown above goes to syslog.  I use syslog-ng and
> filter the firewall log messages into a separate file.

Look in /var/log/messages.

-- 
Michael Wood [EMAIL PROTECTED]


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]




Re: help needed with firewall logging ..please

2004-02-09 Thread Jeff
suhail, 2004-Feb-09 15:15 -0800:
> Hello,
>
> I need to know how can a firewall be tested against a SYN Flooder. I
> have the SYN flooder program and also configured my firewall. My
> IPtables script against the SYN packets is the usual :
>
>  $IPTABLES -N syn-flood
>  $IPTABLES -A syn-flood -m limit --limit 50/s --limit-burst 104 -j RETURN

One way is to add a line here like the following:

$IPTABLES -A syn-flood -j LOG --log-prefix "SYN-flood: "

This will log each packet before the next rule, which drops it. The
logging will go to syslog with the above prefix prepended.

>  $IPTABLES -A syn-flood -j DROP
>  $IPTABLES -A OUTPUT -p tcp --syn -j syn-flood
>
> Now how do i actually find out if the packets are being dropped.
> i.e where shud I chk my system log files to see the dropped packets
> ... I mean which file is it n under which dir ..

The logging done as shown above goes to syslog.  I use syslog-ng and
filter the firewall log messages into a separate file.

> And.. where shud I add the LOG prefix in the chains ?
> Please help me out as i desperately need to know this. Help truly appreciated.

The prefix is shown above.

jc

-- 
Jeff Coppock        Systems Engineer
Diggin' Debian      Admin and User
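
Added example, not part of the original messages: once the LOG rule with the "SYN-flood: " prefix sits in front of the DROP rule, the over-limit packets can be counted from syslog (for instance /var/log/messages, as suggested in the other reply). The log lines below are constructed samples in the kernel's iptables LOG layout; the hostname, addresses and the function names `sample_log`, `summarize_drops` and `total_drops` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: summarize packets logged by the "SYN-flood: " LOG rule.
PREFIX='SYN-flood: '   # must match --log-prefix in the LOG rule

# Constructed sample syslog lines in the kernel's iptables LOG layout.
# Hostname "fw" and the addresses (documentation ranges) are made up.
sample_log() {
cat <<'EOF'
Feb  9 21:30:01 fw kernel: SYN-flood: IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4711 DF PROTO=TCP SPT=40001 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Feb  9 21:30:01 fw kernel: SYN-flood: IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4712 DF PROTO=TCP SPT=40002 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Feb  9 21:30:02 fw sshd[812]: Accepted publickey for admin from 192.0.2.44 port 51522 ssh2
Feb  9 21:30:02 fw kernel: SYN-flood: IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.9 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4713 DF PROTO=TCP SPT=40003 DPT=443 WINDOW=5840 RES=0x00 SYN URGP=0
Feb  9 21:30:03 fw kernel: SYN-flood: IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4714 DF PROTO=TCP SPT=40004 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
EOF
}

# Read syslog lines on stdin; print "count dst:port", highest count first.
# Lines without the prefix (other daemons, other firewall rules) are skipped.
summarize_drops() {
    awk -v prefix="$PREFIX" '
        index($0, prefix) == 0 { next }
        {
            dst = ""; dpt = ""
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^DST=/) dst = substr($i, 5)
                if ($i ~ /^DPT=/) dpt = substr($i, 5)
            }
            if (dst != "") n[dst ":" dpt]++
        }
        END { for (k in n) print n[k], k }
    ' | sort -k1,1nr -k2,2
}

# Read syslog lines on stdin; print how many carry the prefix.
total_drops() {
    awk -v prefix="$PREFIX" 'index($0, prefix) { c++ } END { print c + 0 }'
}

# Demo on the constructed sample. On a live system, feed the real log instead:
#   summarize_drops < /var/log/messages
sample_log | summarize_drops
```

A total of zero while the test traffic is running means either the rate stayed under the limit or the LOG rule is not placed before the DROP rule.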







help needed with firewall logging ..please

2004-02-09 Thread suhail


Hello,

I need to know how can a firewall be tested against a SYN Flooder. I
have the SYN flooder program and also configured my firewall. My
IPtables script against the SYN packets is the usual :

  $IPTABLES -N syn-flood
  $IPTABLES -A syn-flood -m limit --limit 50/s --limit-burst 104 -j RETURN
  $IPTABLES -A syn-flood -j DROP
  $IPTABLES -A OUTPUT -p tcp --syn -j syn-flood

Now how do i actually find out if the packets are being dropped.
i.e where shud I chk my system log files to see the dropped packets
... I mean which file is it n under which dir ..

And.. where shud I add the LOG prefix in the chains ?
Please help me out as i desperately need to know this. Help truly
appreciated.

Thanks .
Suhail.
