Hello, I just finished installing LaBrea in my Dachstein firewall, and I'm not sure it's actually working. Can someone help?
The install seemed to go smoothly, and it seems to be running, but I'm not getting any messages in syslog when a port scan comes in. Just the usual:

May 2 03:27:23 firewall kernel: Packet log: input DENY eth0 PROTO=6 66.13.219.74:3816 66.92.149.119:80 L=48 S=0x00 I=31217 F=0x4000 T=114 SYN (#40)
May 2 03:27:26 firewall kernel: Packet log: input DENY eth0 PROTO=6 66.13.219.74:3816 66.92.149.119:80 L=48 S=0x00 I=31660 F=0x4000 T=114 SYN (#40)

Shouldn't there be some activity from LaBrea on this type of scan?

The version I installed was obtained from Charles Steinkuehler's site - v. 2.2, I believe. I followed the advice and installed ifconfig.lrp and made sure eth0 went into promiscuous mode. Here's an excerpt from my boot up syslog:

May 1 23:43:07 firewall /usr/sbin/LaBrea: Initiated on interface eth0
May 1 23:43:07 firewall kernel: LaBrea uses obsolete (PF_INET,SOCK_PACKET)
May 1 23:43:07 firewall kernel: device eth0 entered promiscuous mode
May 1 23:43:07 firewall kernel: device eth0 left promiscuous mode
May 1 23:43:09 firewall kernel: device eth0 entered promiscuous mode

If I do a ps -ef, I get

822 root S /usr/sbin/LaBrea -i eth0 -l -p 80000 -z

which says to me LaBrea is running with logging turned on. I didn't mess with any of the settings in /etc/init.d/LaBrea - just used whatever was there already.

For reference, my kernel is:

Linux version 2.2.19-3-LEAF (root@debian) (gcc version 2.7.2.3) #1 Sat Dec 1 12:15:05 CST 2001

Can someone shed some light?

Thanks!
Jabez
------------------------------------------------------------------------
leaf-user mailing list: https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
