Thus spoke Michael Welle <[EMAIL PROTECTED]> (Mon, 03 Oct 2005 21:18:05 +0200):
> Hello,
>
> Richard Mittendorfer <[EMAIL PROTECTED]> writes:
> > Thus spoke Michael Welle <[EMAIL PROTECTED]> (Mon, 03 Oct 2005 17:11:10 +0200):
> [...]
> > If ippl works in promisc mode, it also picks up, among other things,
> > UDP hits on port 22 (which is dropped for TCP). Why someone would then
> > make 661 attempts is another matter. Check your machine from the outside.
> Hm. That doesn't help. I can trigger the behavior:
>
> Input:
> Stella:~> date && telnet x.x.x.x 0
> Mon Oct 3 21:05:56 CEST 2005
> Trying x.x.x.x...
> telnet: Unable to connect to remote host: Connection refused
> Stella:~> date && telnet x.x.x.x 0
> Mon Oct 3 21:11:08 CEST 2005
> Trying x.x.x.x...
> telnet: Unable to connect to remote host: Connection refused
>
> Output:
> Oct 3 21:05:56 port 0 connection attempt from x.x.x.x
> (x.x.x.x:40079->x.x.x.x:0)
> Oct 3 21:09:06 last message repeated 21 time(s)
> Oct 3 21:11:08 port 0 connection attempt from x.x.x.x
> (x.x.x.x:44632->x.x.x.x:0)

What don't you like about this?

> If nobody knows anything more, I'll probably risk filing a bug
> report.

This might shed a little light on the matter:

$ apt-cache show ippl
----[...]---------------------------------------------------------------------------
Description: IP protocols logger
 writes information about incoming ICMP messages, TCP connections and
 UDP datagrams to syslog.
 .
 It is highly configurable and has a built-in DNS cache.
 .
 Please note that upstream is rather inactive lately (4-5 years), and
 that there are some rather nasty bugs.
 .
 An incomplete list of the bugs includes:
  - random packets don't get logged sometimes
  - stops logging at all after some weeks
  - ipv6 never got implemented
  - documentation is out of sync.
 .
 Trying to fix these bugs is not easy. Please do not expect the Debian
 maintainer to do this, but patches are appreciated.
 .
 Please consider using a fully-grown intrusion detection system (like
 snort) instead of ippl.
------------------------------------------------------------------------------

> Regards
> hmw

sl
ritch

