On 8/7/2014 5:01 PM, merc1...@f-m.fm wrote:
>
> On Thu, Aug 7, 2014, at 16:23, Tom Eastep wrote:
>>
>> To get an immediate indication when a connection is being made, you can
>> install the 'conntrack' package, then run:
>>
>>     conntrack -E -p tcp --dport 13
>
> The basic problem is I can never predict which port it's going to try
> next.
>
> Shorewall can only tell me the UID not the PID so I can't track this
> down.

Shorewall can't tell you the pid because Netfilter doesn't provide a
capability that would allow Shorewall to request the PID in log messages!

>
> I can't believe that no one's ever thought of these things before.
>

Shorewall is a firewall configuration tool, not an IDS. If you want an
IDS, install one.

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
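
One way to get from the UID in a firewall log entry to a PID, given that Netfilter does not supply it: match the UID against /proc/net/tcp to obtain the socket inode, then look for that inode under /proc/<pid>/fd. This is an added example, not part of the original thread or of Shorewall; the function names and the sample table are constructed, and it assumes IPv4 on a little-endian Linux host.

```python
import os
import socket
import struct
import sys

# Constructed sample in /proc/net/tcp layout (not captured from a real host).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0019 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 11111 1 0000000000000000 100 0 0 10 0
   1: 0A01A8C0:D431 0A6433C6:000D 02 00000001:00000000 01:00000064 00000001  1000        0 22222 2 0000000000000000 100 0 0 10 0
   2: 0A01A8C0:C350 0A6433C6:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 33333 1 0000000000000000 20 4 30 10 -1
"""

def decode(addr):
    """'0A6433C6:000D' -> ('198.51.100.10', 13); assumes IPv4, little-endian host."""
    ip_hex, port_hex = addr.split(":")
    return socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16))), int(port_hex, 16)

def sockets_for_uid(table, uid):
    """Return the TCP sockets owned by uid, each with its socket inode."""
    rows = []
    for line in table.splitlines()[1:]:          # skip the header row
        f = line.split()
        if len(f) >= 10 and int(f[7]) == uid:    # f[7] = uid, f[9] = inode
            rows.append({"local": decode(f[1]), "remote": decode(f[2]),
                         "state": f[3], "inode": int(f[9])})
    return rows

def pids_for_inode(inode, proc="/proc"):
    """Find PIDs holding an fd that points at socket:[inode]."""
    target, pids = f"socket:[{inode}]", []
    for entry in filter(str.isdigit, os.listdir(proc)):
        fd_dir = os.path.join(proc, entry, "fd")
        try:
            if any(os.readlink(os.path.join(fd_dir, fd)) == target
                   for fd in os.listdir(fd_dir)):
                pids.append(int(entry))
        except OSError:                          # process exited or access denied
            continue
    return sorted(pids)

if __name__ == "__main__":
    # UID taken from the firewall log entry; defaults to the current user
    uid = int(sys.argv[1]) if len(sys.argv) > 1 else os.getuid()
    with open("/proc/net/tcp") as fh:
        for s in sockets_for_uid(fh.read(), uid):
            # TIME_WAIT sockets report inode 0 and belong to no process
            owners = pids_for_inode(s["inode"]) if s["inode"] else []
            print(s["local"], "->", s["remote"], "state", s["state"], "pids", owners)
```

Reading other users' fd directories requires root, and a connection that closes before the scan runs will not be found.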
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users