On Sat, 2003-08-16 at 19:10, Robert Canary wrote:
> I've tried tcpdump. However, this is a stealth syn attack. I used
> #>tcpdump -u root -i any port 1080
>
> I can watch the log files as portsentry continues to log the attempts,
> but tcpdump shows nothing.
>
> Any more ideas?

I don't know where tcp gets access to the packet, but I assume that it is after the filtering takes place, so that nothing actually gets to a userspace program.

This looks interesting:
http://dissemble.net/tlug-archive/02-04/23742.html

It describes a module that can be plugged into iptables to allow for the logging of packets caught by a rule.

Bret

--
redhat-list mailing list
unsubscribe mailto:[EMAIL PROTECTED]
https://www.redhat.com/mailman/listinfo/redhat-list