OK, I opened port 80. Now I get the following log
action:
May 5 06:12:49 firewall sh-httpd[2284]: refused
connect from dsl092-171-025.wdc1.dsl.speakeasy.net
May 5 06:12:54 firewall sh-httpd[2285]: refused
connect from dsl092-171-025.wdc1.dsl.speakeasy.net
May 5 06:13:03 firewall sh-httpd[2286]:
Here are my options for running LaBrea with only one IP;
-i eth0 -l -p 8 -z -x -F /etc/LaBrea.bpf
It has been while since I set it up (Thanks to Charles and Simons help)
but if I remember right, the -x tells LaBrea to not capture an IP for it's use.
The -F /etc/Labrea.bpf setting is just a
Jabez:
Heya. So you know up-front: I've not installed LaBrea
on my systems here. I like the idea of it, of course, but
haven't done anything about it.
That being said, here's what I see below. Now that
you've opened port-80, it looks like your sh-httpd process
(which I believe
Jabez:
Heya. As you probably know, that log looks like a
CodeRed worm (an IIS web-server virus from early last year).
It also looks like your firewall is simply blocking this
packet before any other process can see it, including LaBrea.
This seems to me a Good Thing. :)
-Scott
I just
Hello,
I just finished installing LaBrea in my Dachstein
firewall, and I'm not sure it's actually working. Can
someone help?
The install seemed to go smoothly, and it seems to be
running, but I'm not getting any messages in syslog
when a port scan comes in. Just the usual:
May 2 03:27:23
