Re: [leaf-user] Shorewall log interpretation

2005-12-08 Thread Greg Morgan
Jim Ford wrote:
> Any tips regarding spotting genuine attacks on a Bering UClib box, rather
> than 'noise'? Are there any 'dead giveaway' ports or IP addresses?
>
> Jim Ford

Jim, That's hard to answer because the pattern changes over time. What I

[leaf-user] Shorewall log interpretation

2005-12-08 Thread Jim Ford
Any tips regarding spotting genuine attacks on a Bering UClib box, rather than 'noise'? Are there any 'dead giveaway' ports or IP addresses? Jim Ford

Re: [leaf-user] Shorewall Log Interpretation Question

2004-07-05 Thread Tom Eastep
Stirling Westrup wrote:
Now machine .17 is a Windows box and the tunnel application it's running is proprietary, so there's not a lot of configuring I can do there. This means I'm stuck with this perverse situation. How should I configure my firewall to cope?

http://shorewall.net/Multiple_Zones.

Re: [leaf-user] Shorewall Log Interpretation Question

2004-07-05 Thread Stirling Westrup
On 5 Jul 2004 at 8:29, Ronny Aasen wrote:
> On Sat, 2004-07-03 at 05:15, Stirling Westrup wrote:
> > I understand most of the log messages I see from Shorewall, but I keep
> > getting a bunch of this form:
> >
> > Dec 31 19:00:00 creaky Shorewall:all2all:REJECT: IN= OUT=eth1 MAC=
> > SRC=192.168

Re: [leaf-user] Shorewall Log Interpretation Question

2004-07-05 Thread Ronny Aasen
On Sat, 2004-07-03 at 05:15, Stirling Westrup wrote:
> I understand most of the log messages I see from Shorewall, but I keep
> getting a bunch of this form:
>
> Dec 31 19:00:00 creaky Shorewall:all2all:REJECT: IN= OUT=eth1 MAC=
> SRC=192.168.1.254 DST=192.168.1.17 LEN=241 TOS=00 PREC=0x00 TTL=6

[leaf-user] Shorewall Log Interpretation Question

2004-07-04 Thread Stirling Westrup
I understand most of the log messages I see from Shorewall, but I keep getting a bunch of this form:

Dec 31 19:00:00 creaky Shorewall:all2all:REJECT: IN= OUT=eth1 MAC= SRC=192.168.1.254 DST=192.168.1.17 LEN=241 TOS=00 PREC=0x00 TTL=64 ID=10067 PROTO=ICMP TYPE=5 CODE=1 GATEWAY=192.168.1.17

My q