From: The Wolf
Date: Fri, 17 Mar 2000 20:36:46 -0700
To: plug-discuss@lists.PLUG.phoenix.az.us, "der.hans"
Subject: Re: port scanning

Do you see anything like

Mar 16 22:18:37 YourBox kernel: Packet log: input DENY eth0 PROTO=1 1.2.3.4:0 1.2.3.4:0 L=84 S=0x00 I=38756 F=0x4000 T=241 (#5)

These would be your logging done by the kernel.

You have to specify the -l option of firewall rules you want to track.

Now I do not know if you are running some other scan detection besides the ones provided by the ipchains.

If not, you should consider logging any SYN packets trying to hit your box on 0 - 1024 and 6000 - 6060.

The Wolf

"der.hans" wrote:

> On Fri, 17 Mar 2000, Furmanek, Greg wrote:
>
> > did you check /var/log/messages ??
>
> Yup. Same with syslog, auth.log and all the other logs.
>
> ciao,
>
> der.hans
> --
> # +++++++++++=================================+++++++++++ #
> # der.hans@LuftHans.com www.excelco.com #
> # http://home.pages.de/~lufthans/ #
> # I'm not anti-social, I'm pro-individual. - der.hans #
> # ===========+++++++++++++++++++++++++++++++++=========== #

--
"The questions is not if we are paranoid,
the question is if we are paranoid enough."