Some time ago Peter da Silva said:
> So write a new daemon to do the job. Just have it open all the ports
> and feed him poisoned bait. Now that I think of it, klaxon's the wrong
> way to go, too. You want a program that completes the open and waits
> for the bad guy to go away. Echo would work.
On the network I admin we run a select few services on the machines
we have exposed to the 'Net. I run other stuff on the ports that are
likely to be scanned as well as blocking access to some services at
our router. For example, I was running tcpd and tcpsuck on the
finger port of our machines, but it seems that too many people would
think that the finger request died and try again, and again. I wrote
a tiny daemon that simply logs the user they were trying to finger
and returns a "service denied" type of message to them. I also do the
same thing with telnet.
--
Eric Wieling
Network Operations Center
Inter Commerce Corporation
Technical Support: 504-525-1868
Administrative: 504-585-7303
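
A sketch of the kind of daemon the message above describes, as an added example that is not the poster's code: it reads one finger query, logs the requested user with control characters neutralised, and sends back a denial. The port number 7979, the size and time limits, and the reply wording are assumptions.

```python
import logging
import socket
import socketserver

MAX_QUERY = 256   # assumed cap on bytes read from one client
TIMEOUT_S = 5     # assumed limit for clients that connect and send nothing
PORT = 7979       # assumed unprivileged test port; finger itself is TCP 79
DENIAL = b"Finger service denied at this site.\r\n"  # constructed wording
log = logging.getLogger("finger-decoy")


def parse_query(raw: bytes) -> str:
    """Return the user named in one finger query line, made safe to log.

    Non-printable characters become '?' so a client cannot forge log lines.
    """
    line = raw.split(b"\n", 1)[0].rstrip(b"\r")
    text = line.decode("ascii", errors="replace").strip()
    if text.upper().startswith("/W"):   # RFC 1288 verbose switch
        text = text[2:].strip()
    return "".join(c if c.isprintable() else "?" for c in text)


def answer(conn: socket.socket, peer: str) -> str:
    """Read one query, log it, send the denial, return the logged user."""
    conn.settimeout(TIMEOUT_S)
    data = b""
    try:
        while b"\n" not in data and len(data) < MAX_QUERY:
            chunk = conn.recv(MAX_QUERY - len(data))
            if not chunk:
                break
            data += chunk
    except OSError:                     # timeout or reset: log what arrived
        pass
    user = parse_query(data)
    log.info("finger request from %s for user %r", peer, user or "(list)")
    try:
        conn.sendall(DENIAL)
    except OSError:                     # peer already gone
        pass
    return user


class Handler(socketserver.BaseRequestHandler):
    def handle(self):
        answer(self.request, self.client_address[0])


if __name__ == "__main__":
    logging.basicConfig(level=logging.INFO, format="%(asctime)s %(message)s")
    with socketserver.ThreadingTCPServer(("0.0.0.0", PORT), Handler) as srv:
        srv.serve_forever()
```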