No subject


Tue Nov 29 10:43:08 WST 2011


IpLogger Package                                                                                                       
Mike Edulla                                                                                                            
medulla at infosoc.com                                                                                                    
============================                                                                                           
                                                                                                                       
These two programs let you log tcp and icmp connections in syslog, along                                               
with the hostname. They are just something I whipped up quickly, and could                                             
be improved alot - especially the icmp logging program.                                                                
                                                                                                                       
                                                                                                                       
tcplog                                                                                                                 
   This program logs all tcp connections to your host. It also makes a                                                 
attempt at detecting the ftpbounce attack described by hobbit at avian.org                                             
(read ftpbounce.txt included in this archive for a description of the                                                  
attack). The way we detect it is if a privledged (0-1023) connect comes on                                             
source port 20, we log it as a ftp bounce attack. Connections on source
port                                           
20 to non privledged ports are not logged at all - we assume those are ftp                                             
transfers, and ignore them. I would like to do the same with DCC                                                       
connections, if anyone knows how - email me.                                                                           
                                                                                                                       
icmplog                                                                                                                
   This program logs most icmp packets, or atleast the interesting ones
(we                                            
dont, for instance, log echo_replies). The ICMP logging could provide alot                                             
more information than it does, and I might add more information in the                                                 
future, but for now, it serves well enough.                                                                            
                                                                                                                       
ADDITION: on 4/20/1998 by Shawn Michael <blkmajik at mcn.net>                                                             
        I added ident (rfc1413) support to tcplogd as I thought it would                                               
prove to add even more valuable info for logging purposes.

I found them via www.freshmeat.org I think, and run these daemons at
system boot up.

Terry



More information about the plug mailing list