Hi,
This tiny patch extends ipchains logging. This way one can distinguish
(plain) connection attempts and (stealth) scans. E.g.
kernel: Packet log: input - lo PROTO=6 127.0.0.1:40326 127.0.0.1:80
L=40 S=0x00 I=5808 F=0x T=51 (#1)
vs.
L=40 S=0x00 I=5808 F=0x T=51 SYN ACK (#1)
and
L=40 S=0
On Wed, 6 Dec 2000, Rusty Russell wrote:
>Date: Wed, 06 Dec 2000 11:40:12 +1100
>From: Rusty Russell <[EMAIL PROTECTED]>
>To: Mike A. Harris <[EMAIL PROTECTED]>
>Cc: [EMAIL PROTECTED]
>Subject: Re: [PATCH] ipchains log will show all flags
>
>In mess
In message <[EMAIL PROTECTED]> you write
:
> Personally, I'd like to see the rule number stay on the end,and
> have the new display just before it. The rule number in the
> middle looks messy.
But what will break people's perl scripts?
I think leaving the rule number at the end is probably the
On Wed, 6 Dec 2000, Rusty Russell wrote:
>Date: Wed, 06 Dec 2000 00:55:09 +1100
>From: Rusty Russell <[EMAIL PROTECTED]>
>To: Christian W. Zuckschwerdt <[EMAIL PROTECTED]>
>Cc: [EMAIL PROTECTED]
>Subject: Re: [PATCH] ipchains log will show all flags
>
>In m
On 05-Dec-2000 Christian W. Zuckschwerdt wrote:
> Hi Linus,
>
> This tiny patch extends ipchains logging. This way one can
> distinguish
> (plain) connection attempts and (Xmas, Fin,...) scans. E.g.
> kernel: Packet log: input - lo PROTO=6 127.0.0.1:40326
> 127.0.0.1:80
> L=40 S=0x00 I=5808 F=
In message <0012051408110.1526-10@localhost> you write:
> Hi Linus,
>
> This tiny patch extends ipchains logging. This way one can distinguish
> (plain) connection attempts and (Xmas, Fin,...) scans. E.g.
> kernel: Packet log: input - lo PROTO=6 127.0.0.1:40326 127.0.0.1:80
> L=40 S=0x00 I
Hi Linus,
This tiny patch extends ipchains logging. This way one can distinguish
(plain) connection attempts and (Xmas, Fin,...) scans. E.g.
kernel: Packet log: input - lo PROTO=6 127.0.0.1:40326 127.0.0.1:80
L=40 S=0x00 I=5808 F=0x T=51 (#1)
vs.
L=40 S=0x00 I=5808 F=0x T=51 (#1) B=
7 matches
Mail list logo