Raj Singh ([EMAIL PROTECTED]) said:
> I had posted this on 27th Feb, 1998 and have got no replies. Trying once
> again.
>
> Does the 2.0.32 Linux kernel (which is patched for teardrop and f00f) log
> the attempts for such attacks on the system?
>
> If yes, how can the logging be enabled so that the attack can be traced?
> Which file(s) store such info?
>
> If no (by default), can logging be done for such attacks and how?

I believe, although I'm not sure, that it doesn't by default record
information on teardrop-type attacks in part because the source address
is, AFAIR, nearly always spoofed. From looking at the source, if you define
NETDEBUG (in linux/include/net/sock.h), it will spit out something at you
if it gets some invalid fragments. Of course, if you do this, then it will also
print a bunch of other gory networking details.

There's a couple of printk's in the kernel trap_init_f00f_bug routine, so I
suppose they may be somewhat logged (of course, if you're vulnerable, it will
tell you on boot). I'm not a kernel expert, so I couldn't tell you for sure.

If you want other logging for these events, you're welcome to modify the
kernel sources. :) In all seriousness, linux-kernel and linux-net may have
been better places to ask this...

Bill
--
PLEASE read the Red Hat FAQ, Tips, Errata and the MAILING LIST ARCHIVES!
http://www.redhat.com/RedHat-FAQ /RedHat-Errata /RedHat-Tips /mailing-lists
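
An added example, not part of the original message and not kernel code: a user-space sketch of the consistency check a logger for teardrop-type traffic would apply, flagging fragments that overlap or run past the maximum datagram size. The struct, function names and sample fragments are hypothetical and constructed for illustration; the source address is logged only as claimed, since the reply notes it is nearly always spoofed.

```c
#include <stdio.h>
#include <stddef.h>

/* Hypothetical model of one queued fragment: data offset and length in bytes. */
struct frag { unsigned int offset, len; };

enum frag_verdict { FRAG_OK, FRAG_OVERLAP, FRAG_OVERSIZE };

#define MAX_DATAGRAM 65535u  /* IPv4 total length limit */

/* Constructed samples, sorted by offset as a reassembly queue would hold them. */
static const struct frag sample_normal[]   = { {0, 1480}, {1480, 520} };
static const struct frag sample_overlap[]  = { {0, 36}, {24, 4} };  /* 2nd lies inside 1st */
static const struct frag sample_oversize[] = { {0, 1480}, {65528, 100} };

/* Walk the sorted fragments and report the first inconsistency. */
enum frag_verdict check_frags(const struct frag *f, size_t n)
{
    unsigned int end = 0;  /* end of the data accepted so far */
    size_t i;
    for (i = 0; i < n; i++) {
        if (f[i].len > MAX_DATAGRAM || f[i].offset > MAX_DATAGRAM - f[i].len)
            return FRAG_OVERSIZE;   /* would run past the maximum datagram size */
        if (f[i].offset < end)
            return FRAG_OVERLAP;    /* starts before the previous fragment ended */
        end = f[i].offset + f[i].len;
    }
    return FRAG_OK;
}

const char *verdict_name(enum frag_verdict v)
{
    return v == FRAG_OVERLAP ? "overlapping fragments"
         : v == FRAG_OVERSIZE ? "fragment past maximum datagram size" : "ok";
}

/* Log one event. The source address is printed as claimed, not as attribution. */
int log_frags(const char *claimed_src, const struct frag *f, size_t n)
{
    enum frag_verdict v = check_frags(f, n);
    if (v != FRAG_OK)
        fprintf(stderr, "invalid fragments (%s), claimed source %s\n",
                verdict_name(v), claimed_src);
    return v;
}

int main(void)
{
    log_frags("192.0.2.1", sample_normal, 2);
    log_frags("192.0.2.2", sample_overlap, 2);
    log_frags("192.0.2.3", sample_oversize, 2);
    return 0;
}
```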