Let me guess this stealth logger:
1. It's a DOS computer running the old packet driver based network
sniffer.
It has no protocol stack so it can't be fingerprinted, scanned,
tracerouted, etc. Probably filtering packets based on remote server's
IP address and dumping them to a hard disk.
OR
2. The UTP to your stealth logger has the TX wires cut.
Share mo naman sa next Linux conference (hope there's one coming
soon...)
Ambo
fooler wrote:
>
>
> hi fritz,
>
> on your syslog server inside /etc/syslog.conf
>
> facility.level /path/logfile
>
> for every remote host inside your /etc/syslog.conf
>
> facility.level @ip_address_of_your_syslog_server
>
> aside from securing your log files, i cant teach you (confidential :->) how to
>make your syslog server becoming a
> stealth server... meaning it cannot ping, traceroute, fingerprinting nor port scan
>by an attacker or what i mean is
> that, it doesnt exist that there is a syslog server on your network from the public
>network point of view but im still
> using a public ip address for my syslog server and all remote host is logging their
>logs to my syslog server without
> using any complex tools nor design. :->
>
> fooler.
>
> _
> Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph
> To leave: send "unsubscribe" in the body to [EMAIL PROTECTED]
>
> To subscribe to the Linux Newbies' List: send "subscribe" in the body to
>[EMAIL PROTECTED]
_
Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph
To leave: send "unsubscribe" in the body to [EMAIL PROTECTED]
To subscribe to the Linux Newbies' List: send "subscribe" in the body to
[EMAIL PROTECTED]
