-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
I've found a big hairy bug in the script. The bug was eating some of the records :)
The new new version is now available for download.
BTW: I've added a few more features (total attempts by source address and a log
extract listing all de log lines).
On Fri, 13 Jul 2001 17:51:41 -0300, Federico Voges wrote:
>Hi,
>
>I've been looking at my log files for a few days, I've found several
>atempts
>to connect to port 1178. So I wrote a small perl script to scan all my
>log
>files (/var/log/messages*) for this kind of events.
>
>The log entries it looks for are the ones generated by ipchains when
>used
>with the -l flag.
>
[snip]
>
>
>If anyone is interested in the script, it's available for download
>here:
>
>http://www.shadowsun.com.ar/~fvoges/scan_log/scan_log.pl
>
>Please have a look at the 4th line, the conection appears to be from MY
>
>server to MY server (!?).
>Obviously, I did check for an intrusion. But haven't found any signs of
>it
>(can be source address spoofing??).
>
>Bye.
>
>Federico Voges
>
>PGP Public Key Fingerprint: A536 4595 EB6F D197 FBC1 5C3A 145C 2516
>
>
>_______________________________________________
>http://linux.nf -- [EMAIL PROTECTED]
>Archives, Subscribe, Unsubscribe, Digest, Etc
>->http://linux.nf/mailman/listinfo/linux-users
- --
http://www.intrasoft.com.ar/
Servicios Informaticos para Empresas
PGP Public Key Fingerprint: A536 4595 EB6F D197 FBC1 5C3A 145C 2516
-----BEGIN PGP SIGNATURE-----
Version: PGPsdk version 1.7.1 (C) 1997-1999 Network Associates, Inc. and its
affiliated companies.
iQA/AwUBO0+Q1RRcJRaVKt4XEQJDfQCfXAz1mCDBXyhUC22CXo4uRO/b7xAAoJie
1IDExpg5cTOeEFgVK+GlxXJb
=G/+j
-----END PGP SIGNATURE-----
_______________________________________________
http://linux.nf -- [EMAIL PROTECTED]
Archives, Subscribe, Unsubscribe, Digest, Etc
->http://linux.nf/mailman/listinfo/linux-users
