[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <684309.25266.qm@web52508.mail.re2.yahoo.com>
Date: Tue, 19 Jun 2007 12:36:00 -0700 (PDT)
From: Marc Perkel <mperkel@...oo.com>
To: Jan Engelhardt <jengelh@...putergmbh.de>
Cc: linux-kernel@...r.kernel.org
Subject: Re: How would I do this? (expert tricks) OT
--- Jan Engelhardt <jengelh@...putergmbh.de> wrote:
>
> On Jun 19 2007 10:14, Marc Perkel wrote:
> >>
> >> tcpdump -lni any port 25
> >> iptables -p tcp --dport 25 -j NFQUEUE
> >> ...
> >>
> >
> >Thanks Jan, but I'm not sure it answers my
> question.
>
> There's more than one way to do it.
>
> One is...
> tcpdump -lni eth0 tcp [extra operands to match SYN
> packets] |
> myprogram
>
> a longer one is to write your own netfilter
> userspace program
> that receives the TCP SYNs (by means of -j NFQUEUE)
> and does
> take action.
>
> Another one is to use -j LOG and let your program
> parse
> down /var/log/firewall. Like
>
> iptables -A INPUT -p tcp --dport 25 --syn -j LOG
> --log-prefix "[evil]"
> tail -f /var/log/firewall | grep '^\[evil\]' |
> myscript
>
> myscript:
> #!/usr/bin/perl
>
> while (defined(my $line = <>)) {
> my($ip) = ($line =~ /SRC=(\S+)/);
> # Do something
> }
>
> >I want to run a script every time a connection
> attempt is made in real time
>
> The scripts runs constantly, preferably.
>
> >with the IP address as a parameter to the script.
> How would I do that? Suppose
> >my script is:
> >
> >iplog <ipaddress>
> >
> >
> >
> >
> >
>
>____________________________________________________________________________________
> >Take the Internet to Go: Yahoo!Go puts the Internet
> in your pocket: mail, news, photos & more.
> >http://mobile.yahoo.com/go?refer=1GNXIC
> >
Thanks Jan,
I think what you sent me is workable. I noticed it
goes to the file /var/log/messages. Is there a way to
make it go to a specific file? Thanks a lot for your
help. I've been experimenting with some new and very
interesting ways to catch spam and this could be yet
another breakthrough.
____________________________________________________________________________________
Shape Yahoo! in your own image. Join our Network Research Panel today! http://surveylink.yahoo.com/gmrs/yahoo_panel_invite.asp?a=7
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists