|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Alexander List (alexlist
sbox.tu-graz.ac.at)Date: Wed Oct 31 2001 - 13:01:09 CST
On Wed, 31 Oct 2001, Sanjeev B.S. wrote:
> But occasionally I would get some portsentry warnings, telling some port
> is getting probed. (I think all UDP only, I am not sure. Ports are
> usually 137, 138, 80, etc.)
I run iplogger and observe similar behaviour. But I think those tools are
running in promiscuous mode, so they will probably log everything kinda
"natively", analyzing packets themselves, and the packets don't have to
traverse the kernel's IP stack (and/or ipchains) to get logged. I have -l
switches on my ipchains deny rules so I see everything logged that I
actually don't want to see on my system ;-)
If I'm talking complete nonsense, someone please correct me ;-)
Alex
--
People often think of research as a form of development -- that it's
about doing exactly what you planned, doing it on time, and doing it
with resources that you said you'd use. But if you're going to do
that, you have to know what you are doing, and if you know what you
are doing, it isn't really research."
--Dave Liddle, The New Yorker, Feb. 23/Mar.2, 1998, p84
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]