[S.u.S.E. Linux] Logging ICMP packets
How can I log incoming ICMP packets on my webserver ? He's standalone on the internet...

For logging TCP & UDP, I can use tcpd, ok... but for ICMP ??? (like, logging attack attempts - although they don't harm ;-), I have 2.0.34pre14)

I can't find a icmplogd (like Debian has, although RH doesn't have it either)

Can I use the firewalling ?? (although I don't want/need to protect a local network)

me ---lan----> firewall -----internet----> [webserver]----internet---->>>

And don't tell me I should change that, and put the webserver on the firewall - the LAN & the firewall aren't under my control (it's the highschool's network, and the webserver is the student's site). ;-)

Thanx for ya help...

Pascal
/nick SuSE52 on #linux (IRCnet)
root on www.student.prov-liege.be

-- To get out of this list, please send email to majordomo@suse.com with this text in its body: unsubscribe suse-linux-e
You can log the output of tcpdump. Normally tcpdump just outputs to whatever tty you exec it on, but if you exec "tcpdump -i device > filename" it will create a text file log. If you irc a lot this file can get BIG.

Pascal Bleser wrote:
How can I log incoming ICMP packets on my webserver ? He's standalone on the internet... For logging TCP & UDP, I can use tcpd, ok... but for ICMP ??? (like, logging attack attempts - although they don't harm ;-), I have 2.0.34pre14) I can't find a icmplogd (like Debian has, although RH doesn't have it either)
There are many icmp loggers out there. I wrote one as a matter of fact. Interested, email me.

-- Max Inux (MaxInux@bigfoot.com) UIN: 207447, http://khercs.dyn.ml.org Strong Cryptography makes the world a safer place- PGP: 0x5CCFCA59 Or Kinky sex makes the world go round- Christie: Your in my sig too ^^ If Cryptography is outlawed, only outlaws will have cryptography ^^

On Fri, 29 May 1998, Michael Lankton wrote:
You can log the output of tcpdump. Normally tcpdump just outputs to whatever tty you exec it on, but if you exec "tcpdump -i device > filename" it will create a text file log. If you irc a lot this file can get BIG.
Pascal Bleser wrote:
How can I log incoming ICMP packets on my webserver ? He's standalone on the internet... For logging TCP & UDP, I can use tcpd, ok... but for ICMP ??? (like, logging attack attempts - although they don't harm ;-), I have 2.0.34pre14) I can't find a icmplogd (like Debian has, although RH doesn't have it either)
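Added example, not part of the thread and not the logger Max Inux mentions: a minimal ICMP-only logger in Python, so the log does not fill up with unrelated traffic the way an unfiltered tcpdump capture does. The function names (parse_icmp, format_line, run), the log line format and the sample packet are assumptions made for illustration; run() needs root because it opens a raw socket.

```python
import socket
import struct
import time

# A few common ICMP type names (RFC 792); other types are logged by number.
ICMP_TYPES = {0: "echo-reply", 3: "dest-unreachable", 5: "redirect",
              8: "echo-request", 11: "time-exceeded"}

def parse_icmp(packet):
    """Return (src, dst, type, code, payload_len) for an unfragmented IPv4
    ICMP packet, or None if it is malformed, truncated or not ICMP."""
    if len(packet) < 20:
        return None
    ihl = (packet[0] & 0x0F) * 4  # IP header length in bytes
    frag = struct.unpack("!H", packet[6:8])[0] & 0x1FFF  # fragment offset
    if (packet[0] >> 4 != 4 or ihl < 20 or packet[9] != 1 or frag
            or len(packet) < ihl + 8):  # 8 = ICMP header size
        return None
    return (socket.inet_ntoa(packet[12:16]), socket.inet_ntoa(packet[16:20]),
            packet[ihl], packet[ihl + 1], len(packet) - ihl - 8)

def format_line(packet, now=None):
    """One log line (UTC timestamp) per ICMP packet, or None to skip it."""
    parsed = parse_icmp(packet)
    if parsed is None:
        return None
    src, dst, icmp_type, code, size = parsed
    stamp = time.strftime("%Y-%m-%d %H:%M:%S", time.gmtime(now))
    name = ICMP_TYPES.get(icmp_type, "type-%d" % icmp_type)
    return "%s icmp %s > %s %s code=%d payload=%d" % (
        stamp, src, dst, name, code, size)

def run(logfile):
    """Append incoming ICMP to logfile. Needs root: opens a raw socket."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_ICMP)
    with open(logfile, "a", buffering=1) as log:  # line-buffered
        while True:
            packet, _ = sock.recvfrom(65535)  # Linux includes the IP header
            line = format_line(packet)
            if line:
                log.write(line + "\n")

# Constructed sample: echo request 192.0.2.10 -> 198.51.100.5, checksums 0.
SAMPLE = (struct.pack("!BBHHHBBH", 0x45, 0, 32, 1, 0, 64, 1, 0)
          + socket.inet_aton("192.0.2.10") + socket.inet_aton("198.51.100.5")
          + struct.pack("!BBHHH", 8, 0, 0, 1, 1) + b"ping")

if __name__ == "__main__":
    print(format_line(SAMPLE, now=0))
```

Calling run("icmp.log") as root starts the logger; checksums are not verified, so the log records what arrived rather than what was valid.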
participants (3)
- maxinux@khercs.dyn.ml.org
- pbleser@prov-liege.be
- satan@nfinity.com