[lug] ipchains logs and nmap audit

George Sexton gsexton at mhsoftware.com
Sat Jan 22 10:00:22 MST 2000


I need to drink coffee before responding...

To rephrase:

My guess is that a preceding rule is bypassing this rule. Can you post the
output of ipchains -L input?

George Sexton
MH Software, Inc.
Voice: 303 438 9585
Fax: 303 469 9679
URL: http://www.mhsoftware.com

-----Original Message-----
From: lug-admin at lug.boulder.co.us [mailto:lug-admin at lug.boulder.co.us]On
Behalf Of George Sexton
Sent: Saturday, January 22, 2000 9:47 AM
To: lug at lug.boulder.co.us
Subject: RE: [lug] ipchains logs and nmap audit


My guess is that a preceding rule is jumping it to accept. Can you do an
ipchains -L input and list all of the rules?

George Sexton
MH Software, Inc.
Voice: 303 438 9585
Fax: 303 469 9679
URL: http://www.mhsoftware.com

-----Original Message-----
From: lug-admin at lug.boulder.co.us [mailto:lug-admin at lug.boulder.co.us]On
Behalf Of Subba Rao
Sent: Saturday, January 22, 2000 5:51 AM
To: Denver Linux Users
Subject: [lug] ipchains logs and nmap audit



I have several ipchains rules. One of them is:

ipchains -A input -i ppp0 -p TCP --destination-port 21 -l -j DENY

Why are these ipchains not doing any logging? I do have the -l option
invoked for logging. The packet is supposed to be denied at the IP level
and then logged into syslog. When I try to connect from another address to
the IP address of the ppp0 interface, nothing gets logged. Instead, the
tcplogd daemon captures it into the log. tcplogd is an application level
filter and not at IP level.
Why is this ipchains rule (and others) not getting logged?

The kernel is 2.2.14.

None of the connections to the services are getting logged by ipchains
filters.

I have used nmap on the ppp0 interface and yet it is not getting logged.

How are you auditing your services on the ppp0 interface? What options in
ipchains are you using to do the logging?

Thank you in advance.

Subba Rao
subb3 at attglobal.net
http://pws.prserv.net/truemax/

 => Time is relative. Here is a new way to look at time. <=
http://www.smcinnovations.com


_______________________________________________
Web Page:  http://lug.boulder.co.us
Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
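
The diagnosis suggested in this thread (an earlier rule in the input chain matching first, so the logging DENY rule is never reached) can be checked mechanically. The following is an added example, not part of the original messages: a simplified first-match model that matches only on interface, protocol and destination port, and ignores addresses, negation and the SYN flag. Rule 0 in the sample chain is hypothetical, since the poster's actual chain is not shown; rule 1 is the rule from the post.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

TERMINAL = {"ACCEPT", "DENY", "REJECT"}  # targets that end chain traversal

@dataclass
class Rule:
    target: str
    iface: Optional[str] = None          # None matches any interface
    proto: Optional[str] = None          # None matches any protocol
    dports: Tuple[int, int] = (0, 65535)
    log: bool = False                    # the -l flag

def covers(a: Rule, b: Rule) -> bool:
    """True if every packet matched by b is also matched by a."""
    return ((a.iface is None or a.iface == b.iface)
            and (a.proto is None or a.proto == b.proto)
            and a.dports[0] <= b.dports[0] and b.dports[1] <= a.dports[1])

def evaluate(chain, iface, proto, dport):
    """Walk the chain in order; return (verdict, logged, rule index)."""
    pkt = Rule("", iface, proto, (dport, dport))
    logged = False
    for i, rule in enumerate(chain):
        if covers(rule, pkt):
            logged = logged or rule.log
            if rule.target in TERMINAL:
                return rule.target, logged, i
    return "POLICY", logged, None

def shadowed(chain):
    """List (earlier, later) index pairs where the later rule can never match."""
    pairs = []
    for j, later in enumerate(chain):
        for i, earlier in enumerate(chain[:j]):
            if earlier.target in TERMINAL and covers(earlier, later):
                pairs.append((i, j))
                break
    return pairs

# Constructed chain: rule 0 is hypothetical, rule 1 is the rule from the post.
CHAIN = [
    Rule("ACCEPT", iface="ppp0", proto="tcp"),
    Rule("DENY", iface="ppp0", proto="tcp", dports=(21, 21), log=True),
]
FIXED = [CHAIN[1], CHAIN[0]]  # specific logging rule placed first

if __name__ == "__main__":
    print(evaluate(CHAIN, "ppp0", "tcp", 21), shadowed(CHAIN))
    print(evaluate(FIXED, "ppp0", "tcp", 21), shadowed(FIXED))
```

With the hypothetical broad ACCEPT first, a connection to port 21 is accepted without a log entry; with the specific rule first, it is denied and logged.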

