RE: [plug] syslog

Wed, 09 May 2001 09:08:24 -0700 

is there a linux conference? hey, please advice us. thanks in advance.

Fritz Mesedilla
Systems Administrator

"Ooops! Save your work, everyone. FAST!"
----------------------------------------------------------------------------
Summit Interactive, Inc.

http://www.femalenetwork.com | http://www.candymag.com
http://www.fhm.com.ph | http://www.cosmo.com.ph

FHM | Seventeen | Candy | Cosmopolitan | Preview | Good Housekeeping
----------------------------------------------------------------------------
email: [EMAIL PROTECTED]   icq#: 23476449   yahoo id: fritzcm
http://www.fritzmesedilla.net and http://www.fritz.iscute.com
----------------------------------------------------------------------------
+Basta Ikaw Lord

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Ambrosio Berdijo Jr.
Sent: Thursday, May 10, 2001 12:03 AM
To: [EMAIL PROTECTED]
Subject: Re: [plug] syslog


Let me guess this stealth logger:

1. It's a DOS computer running the old packet driver based network
sniffer.
   It has no protocol stack so it can't be fingerprinted, scanned,
tracerouted,    etc. Probably filtering packets based on remote server's
IP address and    dumping them to a hard disk.

OR

2. The UTP to your stealth logger has the TX wires cut.

Share mo naman sa next Linux conference (hope there's one coming
soon...)

Ambo



fooler wrote:
>
>
> hi fritz,
>
>     on your syslog server inside /etc/syslog.conf
>
>      facility.level                    /path/logfile
>
>     for every remote host inside your /etc/syslog.conf
>
>     facility.level                    @ip_address_of_your_syslog_server
>
>     aside from securing your log files, i cant teach you (confidential
:->) how to make your syslog server becoming a
> stealth server... meaning it cannot ping, traceroute, fingerprinting nor
port scan by an attacker or what i mean is
> that, it doesnt exist that there is a syslog server on your network from
the public network point of view but im still
> using a public ip address for my syslog server and all remote host is
logging their logs to my syslog server without
> using any complex tools nor design. :->
>
> fooler.
>
> _
> Philippine Linux Users Group. Web site and archives at
http://plug.linux.org.ph
> To leave: send "unsubscribe" in the body to [EMAIL PROTECTED]
>
> To subscribe to the Linux Newbies' List: send "subscribe" in the body to
[EMAIL PROTECTED]
_
Philippine Linux Users Group. Web site and archives at
http://plug.linux.org.ph
To leave: send "unsubscribe" in the body to [EMAIL PROTECTED]

To subscribe to the Linux Newbies' List: send "subscribe" in the body to
[EMAIL PROTECTED]

_
Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph
To leave: send "unsubscribe" in the body to [EMAIL PROTECTED]

To subscribe to the Linux Newbies' List: send "subscribe" in the body to 
[EMAIL PROTECTED]

Reply via email to