On Mon, 17 Jul 2000, Toth Attila wrote:
> Some comments on the topic: > > On Mon, 17 Jul 2000, Florian Friesdorf wrote: > > On Mon, Jul 17, 2000 at 01:41:46AM +0200, A. Vije wrote: > > > On Sun, 16 Jul 2000, Patrick Barr wrote: > > > > > > > What I want to do, is run a programme that will monitor my ppp0 > > > > connection for any attempts from anyone to connect to a port and FAIL. > > > > I am running 2.4.0 test2 (but I will soon move back to 2.2.16 when > > > > potato comes out) and I dont have netfilter on, I just have hosts.deny > > > > set to all:all. > > > > > > You can just cat (or tail -f for realtime stats) your syslog (tail -f > > > /var/log/syslog) for as for as i know all attempts get logged there. > > > > afaik you need the iplogger package installed, > > including tcplogd and icmplogd, doing exactly what their names sound like. > > As far as I know: if you are running a packet filter, and that is the > reason why a connection attempt fails, than this event won't reach tcplog, > but still appears in syslog (if you filter is configured in this way). > > > for 2.2.x kernels 'ipchains -I input 1 -i ppp0 -l -y -p tcp' > > will log all incoming tcp connection attempts through ppp0. > > --> 'man ipchains', for further details > > If you are using your ppp hard, this rule will produce a lot of logged > data. It is more reasonable to set the packet filter to log the tcp > connections, which are REJECTed or DENYed by it. This will probably make > less logged data. Am I right? > > > > Small note Potato ships with 2.2.17pre6. (i`m looking forward to it .. :) > > Will potato really ship with a pre-kernel? In this case why don't > patch-2.4.0-test4? (I know, that this mailing list is not dedicated for > questions like this) Not a 2.4.0 because that's a major kernel upgrade, with new functions, where potato is now frozen, so there can't be major upgrades whatsever anymore. Ron Rademaker > > > Happy logging, > Dw. > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] >
