Quoth Guy Cohen:
> On Tue, Aug 13, 2002 at 09:59:40PM +0300, Official Flamer/Cabal NON-Leader wrote:
> > assume you have developed it yourself. If I am mistaken, please indicate
> > which version of iptables you are using.
>
> 1.2.6a
> look in README

The version I have does not have THAT. Mine's Debian, so they COULD have chopped it out. Or, it could have been the other way around - it is not in the base kernel version of netfilter. I am checking on the netfilter site itself.

> > If so, you seem to be letting SOMETHING through - enough to form a TCP
> > connection (i.e. SYN, SYN+ACK). Could you send tcpdump?
>
> yup, 3 way handshake goes thru.

If so, however, the answer to the above does NOT matter.

Errr. WAIT WAIT WAIT. You and me stupid both. Look at it THIS way:

      SERVER        FW          CLIENT
      ------        ----        ------
  a   IDLE          <---------  CONNECT
  b   LISTENING     --------->  WAITING
  c   WAITING       <---------  HERE'S NIMDA FOR YOU!
  d   WAITING       @#$ --      WAITING
  e   WAITING       @#$ --      WAITING
      [snip of TCP_TIMEOUT]     WAITING
  y   SCREW IT!                 WAITING
  z   LOG a+b

Therefore, you CANNOT prevent logging info without KNOWING in advance that some form of an attack is going to be following a legal connection, OR having the kernel inform the application (i.e. netfilter inform apache) that the connection associated with this fd should not be logged.

Marc
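The sequence in the diagram above, as an added example that is not part of the original thread: a small server that logs every accepted connection (the way a web server does), and a client that either delivers its request or, standing in for a packet filter that drops the payload after the handshake, holds the connection open and sends nothing. The server, the client, the read timeout and the sample request are all constructed for this demonstration; the point it makes is that the log entry is written either way, because accept() has already completed by the time anything in the payload could be inspected.

```python
import socket
import threading
import time

# Constructed, benign request; stands in for whatever payload a packet-level
# string filter would try to match once the three-way handshake is complete.
SAMPLE_REQUEST = b"GET / HTTP/1.0\r\n\r\n"


def serve_one(port_ready, result, read_timeout):
    """Accept exactly one connection and record a log line for it.

    The kernel completes SYN / SYN+ACK / ACK before accept() returns, so by
    the time this code runs there is already a connection worth logging,
    whether or not a request ever arrives on it (steps a+b in the diagram).
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))          # ephemeral port, loopback only
    srv.listen(1)
    result["port"] = srv.getsockname()[1]
    port_ready.set()                    # tell the client where to connect
    conn, peer = srv.accept()           # handshake finished: step b
    conn.settimeout(read_timeout)       # models TCP_TIMEOUT in the diagram
    try:
        data = conn.recv(4096)          # step c if the payload gets through
        result["log"] = "%s request=%r" % (peer[0], data)
    except socket.timeout:
        # Steps d..y: payload never arrived, server gives up and logs anyway.
        result["log"] = "%s request timed out (no data)" % peer[0]
    finally:
        conn.close()
        srv.close()


def demo(deliver_payload, read_timeout=0.3):
    """Run one connection and return the server's log line.

    deliver_payload=True  : client sends SAMPLE_REQUEST (no filtering).
    deliver_payload=False : client completes the handshake but the request
                            is 'dropped' (we simply never send it) and the
                            connection is held open past the read timeout.
    """
    port_ready = threading.Event()
    result = {}
    server = threading.Thread(target=serve_one,
                              args=(port_ready, result, read_timeout))
    server.start()
    port_ready.wait()

    # create_connection() returns only after the three-way handshake: step a.
    client = socket.create_connection(("127.0.0.1", result["port"]))
    if deliver_payload:
        client.sendall(SAMPLE_REQUEST)
    else:
        time.sleep(read_timeout * 3)    # outlast the server's timeout
    server.join()
    client.close()
    return result["log"]


if __name__ == "__main__":
    print("payload delivered :", demo(deliver_payload=True))
    print("payload dropped   :", demo(deliver_payload=False))
```

Both calls produce a log line from the same peer; the only difference is whether the line carries the request or a timeout note. Suppressing the entry would require the filter to tell the application, before accept() returns, that this particular descriptor is not to be logged, which is exactly the kernel-to-application signal the message says netfilter does not give.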