port scanning
The Wolf
xanadu@speedchoice.com
Fri, 17 Mar 2000 20:36:46 -0700
Do you see anything like
Mar 16 22:18:37 YourBox kernel: Packet log: input DENY eth0 PROTO=1
1.2.3.4:0 1.2.3.4:0 L=84 S=0x00 I=38756 F=0x4000 T=241 (#5)
These would be your logging done by the kernel
You have to specifie the -l option of firewall rules you want to track.
Now I do not know if you are running some other scan detection besides
the
ones provided by the ipchains.
If not you shoud consider logging any syn packets trying to hit your box
on 0 - 1024 and 6000 - 6060
The Wolf
"der.hans" wrote:
> On Fri, 17 Mar 2000, Furmanek, Greg wrote:
>
> > did you check /var/log/messages ??
>
> Yup. Same with syslog, auth.log and all the other logs.
>
> ciao,
>
> der.hans
> --
> # +++++++++++=================================+++++++++++ #
> # der.hans@LuftHans.com www.excelco.com #
> # http://home.pages.de/~lufthans/ #
> # I'm not anti-social, I'm pro-individual. - der.hans #
> # ===========+++++++++++++++++++++++++++++++++=========== #
>
> _______________________________________________
> Plug-discuss mailing list - Plug-discuss@lists.PLUG.phoenix.az.us
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
--
"The questions is not if we are paranoid,
the question is if we are paranoid enough."