[EMAIL PROTECTED] wrote: > > On Sun, Jul 16, 2000 at 04:21:28PM +0000, Patrick Barr wrote: > > > > I need somebodys help on this.... > > > > What I want to do, is run a programme that will monitor my ppp0 > > connection for any attempts from anyone to connect to a port and FAIL. > > I am running 2.4.0 test2 (but I will soon move back to 2.2.16 when > > potato comes out) and I dont have netfilter on, I just have hosts.deny > > set to all:all. > > If you are looking to see if someone is getting through your ipchains and > getting stopped by tcp_wrappers, you can change your hosts.deny from > ALL: ALL to > > ALL: ALL: spawn ( \ > echo -e "\n\ > TCP Wrappers\: Connection refused\n\ > By\: $(uname -n)\n\ > Process\: %d (pid %p)\n\ > User\: %u\n\ > Host\: %c\n\ > Date\: $(date)\n\ > " | /bin/mail -s "Connection to %d blocked" root) > > This will send you an email whenever someone gets through to > tco_wrappers.
Please consider the side effects of this: a simple DOS would be generating a huge amount of TCP requests towards this machine forcing the system to send an email every time. Sometimes it can make the target unusable... Ciao, Mario.
