Hi raju,

This sounds interesting! Please provide the link where you intend to put up the RPMs and
the source.tar.gz.

Regards,
Sanvir Jham



Raju Mathur wrote:

> Hi,
>
> The other day I managed to p*ss off some Romanian dudes on IRC (it's
> easy -- just kick them out of the channel for not behaving) and got
> attacked over the 'net.  The packet logger I was running --
> {tcp,udp,icmp}logd -- wasn't able to keep up with the traffic,
> generating so many DNS lookups, and sort of collapsed.  I had to
> iptable out the packet sources and kill the loggers manually before
> the system became usable again.
>
> That started me off on a search for a decent logger which would
> automatically detect floods and not use up all available bandwidth in
> trying to reverse resolve hosts in that situation.  After much
> searching I came across a program called iplog and tried it out.
>
> After using it for some 3-4 days I feel that iplog is a godsend for
> anyone who's interested in knowing what's happening on her system
> connected to the 'net.  Features (from the README) include:
>
> iplog is a TCP/IP traffic logger.  Currently, it is capable of logging
> TCP, UDP and ICMP traffic.  Adding support for other protocols should
> be relatively easy.
>
> iplog's capabilities include the ability to detect TCP port scans, TCP
> null scans, FIN scans, UDP and ICMP "smurf" attacks, bogus TCP flags
> (used by scanners to detect the operating system in use), TCP SYN
> scans, TCP "Xmas" scans, ICMP ping floods, UDP scans, and IP fragment
> attacks.
>
> iplog is able to run in promiscuous mode and monitor traffic to all
> hosts on a network.
>
> iplog uses libpcap to read data from the network and can be ported to
> any system that supports pthreads and on which libpcap will function.
>
> </quote>
>
> In addition to the all-important scan and flood detection, iplog has
> the facility of ignoring traffic of specific types and to/from
> specific ports (e.g. don't log DNS lookups and results).  iplog will
> also stop reverse resolving when a flood is detected, so your
> bandwidth remains uncluttered (at least by the DNS traffic).
>
> I've got a working iplog.conf file, and would be willing to put up RH
> 6.2 RPMs with that file if enough people are interested.  If you like
> I can put up the source RPM too so you can compile it for other
> RPM-based machines, as well as the source.tar.gz for other
> architectures.
>
> Regards,
>
> -- Raju
> --
> Raju Mathur          [EMAIL PROTECTED]          http://kandalaya.org/
>                      It is the mind that moves
>
>           ================================================
> To subscribe, send email to [EMAIL PROTECTED] with subscribe in subject header
> To unsubscribe, send email to [EMAIL PROTECTED] with unsubscribe in subject header
> Archives are available at http://www.mail-archive.com/ilugd%40wpaa.org
>           =================================================

--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Sanvir Singh Jham
Velocient Technologies Limited, New Delhi
Tel: 694 5226/7/8 Fax: 694 3732
[EMAIL PROTECTED]
[EMAIL PROTECTED]
Registered Linux User #163808 at http://counter.li.org
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                         Just Believe in the Best
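
The two behaviours Raju describes (classifying TCP flag combinations as null, FIN, Xmas, SYN or bogus-flag probes, and switching reverse DNS off once a source floods) are easy to miss in a logger that only stores what it sees. The following is an added example written for this thread; it is not iplog's code and does not read iplog.conf. It parses constructed IPv4/TCP packets built inline (zero checksums, no options), classifies the flag bits, keeps a sliding-window packet count per source, and stops resolving hostnames while any flood is active. The host names, addresses, the 50-packets-per-second threshold and the lookup table that stands in for socket.gethostbyaddr() are all assumptions made for the example.

```python
"""Added example for the ILUG-D iplog thread: flag-based scan classification
plus a flood guard that suspends reverse DNS. Not iplog's own code."""
import struct
from collections import defaultdict, deque

# TCP flag bits from RFC 793 (the six iplog-era scanners play with).
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20

# Constructed reverse-DNS table standing in for socket.gethostbyaddr(),
# so the example runs offline. A real logger would do a PTR lookup here.
HOSTNAMES = {
    "10.0.0.5": "scanner.example",
    "192.0.2.9": "victim.example",
    "198.51.100.7": "botnet-node.example",
}


def build_ipv4_tcp(src, dst, sport, dport, flags):
    """Construct a bare IPv4+TCP packet: 20-byte IP header, 20-byte TCP
    header, no options, checksums left at zero (constructed test input,
    not a real capture)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     bytes(int(o) for o in src.split(".")),
                     bytes(int(o) for o in dst.split(".")))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 1024, 0, 0)
    return ip + tcp


def parse_ipv4_tcp(pkt):
    """Return (src, dst, sport, dport, flags) for an IPv4/TCP packet,
    honouring the IHL field, or None when the packet is not TCP."""
    ihl = (pkt[0] & 0x0F) * 4
    if pkt[9] != 6 or len(pkt) < ihl + 20:
        return None
    src = ".".join(str(b) for b in pkt[12:16])
    dst = ".".join(str(b) for b in pkt[16:20])
    sport, dport = struct.unpack("!HH", pkt[ihl:ihl + 4])
    flags = pkt[ihl + 13] & 0x3F          # low six bits of the flags byte
    return src, dst, sport, dport, flags


def classify_flags(flags):
    """Map the flag bits to the probe names used in the post."""
    if flags == 0:
        return "null scan"                # no flags at all
    if flags == FIN:
        return "FIN scan"                 # lone FIN to a port never opened
    if flags == FIN | PSH | URG:
        return "Xmas scan"                # "lit up" FIN+PSH+URG
    if flags & SYN and flags & (FIN | RST):
        return "bogus flags"              # SYN+FIN / SYN+RST: OS fingerprinting
    if flags == SYN:
        return "SYN"                      # one SYN is normal; many per second is not
    return "normal"


class FloodGuard:
    """Per-source sliding-window counter. A source that sends more than
    `threshold` packets within `window` seconds is marked as flooding; while
    any flood is active, resolve() returns the bare IP instead of doing DNS.
    The flood mark is dropped once the rate falls below half the threshold."""

    def __init__(self, threshold=100, window=1.0):
        self.threshold, self.window = threshold, window
        self.times = defaultdict(deque)
        self.flooding = set()

    def observe(self, src, now):
        q = self.times[src]
        q.append(now)
        while q and now - q[0] > self.window:
            q.popleft()
        if len(q) > self.threshold:
            self.flooding.add(src)
        elif len(q) <= self.threshold // 2:
            self.flooding.discard(src)
        return src in self.flooding

    def resolve(self, ip):
        if self.flooding:                 # do not spend bandwidth on PTR lookups mid-flood
            return ip
        return HOSTNAMES.get(ip, ip)


def log_packet(pkt, guard, now):
    """Classify one packet and return the log line (None for non-TCP)."""
    parsed = parse_ipv4_tcp(pkt)
    if parsed is None:
        return None
    src, dst, sport, dport, flags = parsed
    verdict = classify_flags(flags)
    if guard.observe(src, now):
        verdict += " [flood]"
    return f"{verdict}: {guard.resolve(src)}:{sport} -> {dst}:{dport}"


def run_demo():
    """Six probes from one host, then a 60-packet SYN burst inside one
    second from another; returns the log lines in order."""
    guard = FloodGuard(threshold=50, window=1.0)
    lines = []
    for i, fl in enumerate([SYN, 0, FIN, FIN | PSH | URG, SYN | FIN, ACK]):
        pkt = build_ipv4_tcp("10.0.0.5", "192.0.2.9", 40000 + i, 22, fl)
        lines.append(log_packet(pkt, guard, now=float(i)))
    for i in range(60):
        pkt = build_ipv4_tcp("198.51.100.7", "192.0.2.9", 1024 + i, 80, SYN)
        lines.append(log_packet(pkt, guard, now=10.0 + i / 100))
    return lines


if __name__ == "__main__":
    for line in run_demo():
        print(line)
```

In the demo the 51st SYN from 198.51.100.7 trips the guard: from that packet on the verdict carries "[flood]" and the source is logged as a bare address rather than botnet-node.example, which is the point Raju makes about keeping DNS traffic off the wire during an attack. To turn this into a real logger, feed frames from libpcap (or a raw AF_PACKET socket on Linux) into log_packet() and replace the HOSTNAMES table with socket.gethostbyaddr() wrapped in a timeout.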


